This article describes the best practices concerning security when installing and using Blueriq.
Blueriq Studio
User management
When running the installer to install Blueriq Studio (Installing Blueriq), 3 users are created:
...
Note: Please make sure to change the default password during installation.
After a typical or custom installation, the users are stored locally. Although the credentials are encrypted within Studio, it is advisable to authenticate against an Active Directory instead. This way, user management is done outside Blueriq and you have more control over password and lockout policies. The passwords are also stored in the Active Directory and not within Studio.
To install or change Blueriq Studio security and user management, please read this article: Studio Configuration
Since Blueriq 9.7 we've added Kerberos support, which is the protocol Microsoft prefers over NTLM: Kerberos support
Securing the administration page
During installation of Studio, an administration console is also installed. Via this console it is possible to download or upload a Studio repository. The Studio repository contains the models and business logic so it is advisable to secure this console. This is done by following the steps in this article: Studio Configuration.
Encrypting a project export
In Studio, it is possible to export a project (.zip file) which can be deployed to the Blueriq Runtime (Export a project). It's advisable to check the "Encrypt" box before exporting so the .zip file does not contain the application model in plain text. Instead of exporting a project manually, you can use Blueriq Publisher, an application provided by Blueriq that automates the distribution of applications over environments.
Blueriq Runtime
Installation
Installing the Blueriq Runtime is done by following the steps in one of the articles below:
Please read these articles to learn more about the inner workings of the Blueriq Runtime (Blueriq Runtime, Developing with Blueriq Studio and Runtime). With the release of Blueriq 10 in Q1 2017, configuring the Blueriq Runtime will change quite a bit, so please make sure to read R10 Configuration changes [editor] before migrating to R10.
Encrypting connection passwords
In a development environment, the first thing that needs to be done after installation is connecting to a Blueriq Studio to retrieve projects. This can be done by editing the aquima.properties file (R10: application-dev.properties) or via the development dashboard (Configure Studio connection). In R9 it is advisable to use the development dashboard to connect, because this way the password is encrypted.
Other connections, such as SOAP or REST connections that use authentication, should also be configured using the development dashboard so these passwords are encrypted as well (Solutions for configurable web service location).
...
Best practices about security can be found here: Security.