Welcome to the Connections Product Ideas Lab! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by the Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events, please visit our Connections page.


Security Issue w/ HCL Connections Component Managed Alias

Per the customer:

 

Specification of component-managed aliases on JAVA EE resources is prohibited.  Currently this is a requirement and the customer's policy states: "Any Java EE application that runs within the cell can potentially access any Java EE resource.  This is because resources have JNDI names that can be looked up by any application, and there is no authorization on resource access.   Thus, if applicationA uses an enterprise database, simply by defining the database as a data source, it is possible that application B in the same cell can access this database.

If you choose to use this approach, you obviously will still want the appropriate applications to have access to these resources.  To do this, those applications must specify local resource references in their deployment descriptors to access theresource.  Those references can then be bound at deployment time to the correct resources.  If the application specifies container managed authentication on the reference, then a container managed alias defined on the resource itself will be usedimplicitly."

1. Login to DMGR console click on Resources > Data Sources > scope to the particular Cluster and click on the Datasource.

2. Under Security settings select ‘none' for Component-managed authentication alias from drop down menu.

3. Save, sync and restart the nodes and related JVMs.  Implementing this configuration prevents HCL Connections from operating.  We're requesting that Connections be updated to allow this configuration to work.

Implementing this configuration prevents HCL Connections from operating.

We need the one of the following:

1. Change necessary to allow for this setting.

2. Documentation from HCL indicating why this can not be changed.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Aug 8 2019
  • Under review
  • Attach files