Thanks Patrick and Carey, I really appreciate your efforts. I was hoping there was some kind of white paper or other document that explained how security works, what is actually happening in the background security-wise when a user is logging in and working via the mid-tier.
Jenni Wacholz Remedy Administration Coventry Health Care Inc 480-445-2517 ________________________________ From: Action Request System discussion list(ARSList) [mailto:[EMAIL PROTECTED] On Behalf Of patrick zandi Sent: Friday, June 22, 2007 8:57 AM To: [email protected] Subject: Re: Mid-Tier Security Question ** ya know, I think -- have not tested it yet.. I think all you really have to do is the following: add this on the arserver ar.conf Encrypt-Security-Policy: 1 and it forces all clients (web - ut) to encrypt. I seem to remember that.. On 6/22/07, patrick zandi <[EMAIL PROTECTED]> wrote: ok, part of my question is : check the ARS list topic. ARS 6.3 - encryption between ARS and AREmail This will help you get in the correct direction, looking for the doc's - I have some .. somewhere.. On 6/22/07, patrick zandi <[EMAIL PROTECTED] > wrote: Basic security then, Between the Mid-tier and the ARS server (if they are on the same system- there is no real need) you can configure your Web-base Mid-tier to encrypt all data to the ARS server. Also you may purchace the (nomenclature may be wrong) Midlevel and High security encryption is you wish. As far as the actual details I have some.. Got to find them.. Someone might just beat me to the punch here on this.. as It seems this list.. alot of folks like answering really fast... and I am a little slower than most. Will see what I can come up with .. Give me a little time.. On 6/22/07, Wacholz, Jeanette (Jenni) < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > wrote: ** I believe it would be the Mid-tier to ARS Security. We have a pretty standard setup...no SSL or anything, and no guest users allowed. Jenni Wacholz Remedy Administration Coventry Health Care Inc 480-445-2517 ________________________________ From: Action Request System discussion list(ARSList) [mailto:[email protected] ] On Behalf Of patrick zandi Sent: Friday, June 22, 2007 8:09 AM To: [email protected] Subject: Re: Mid-Tier Security Question ** Jenni, What specifically are you looking for ? SSL - https Midt-tier to ARS Security Hackproofing the web server Security of JSP ---- On 6/22/07, Wacholz, Jeanette (Jenni) < [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > wrote: ** Hi all, I've wondering if anyone has or can direct me to a document that provides a description of how Remedy mid-tier security works. I couldn't find anything on the BMC website or in the manuals, although it is certainly possible that I just missed it. I didn't find anything in a search of the ARSList archives either. Any help would be appreciated. ARS 6.3 P20 AIX w/WebLogic Oracle 9.2 Jenni Wacholz Remedy Administration Coventry Health Care Inc 480-445-2517 Email Confidentiality Notice: The information contained in this transmission is confidential, proprietary or privileged and may be subject to protection under the law, including the Health Insurance Portability and Accountability Act (HIPAA). The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited and may subject you to criminal or civil penalties. If you received this transmission in error, please contact the sender immediately by replying to this email and delete the material from any computer. __20060125_______________________This posting was submitted with HTML in it___ -- Patrick Zandi __20060125_______________________This posting was submitted with HTML in it___ Email Confidentiality Notice: The information contained in this transmission is confidential, proprietary or privileged and may be subject to protection under the law, including the Health Insurance Portability and Accountability Act (HIPAA). The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited and may subject you to criminal or civil penalties. If you received this transmission in error, please contact the sender immediately by replying to this email and delete the material from any computer. __20060125_______________________This posting was submitted with HTML in it___ -- Patrick Zandi -- Patrick Zandi -- Patrick Zandi __20060125_______________________This posting was submitted with HTML in it___ Email Confidentiality Notice: The information contained in this transmission is confidential, proprietary or privileged and may be subject to protection under the law, including the Health Insurance Portability and Accountability Act (HIPAA). The message is intended for the sole use of the individual or entity to whom it is addressed. If you are not the intended recipient, you are notified that any use, distribution or copying of the message is strictly prohibited and may subject you to criminal or civil penalties. If you received this transmission in error, please contact the sender immediately by replying to this email and delete the material from any computer. _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org ARSlist:"Where the Answers Are"
