This topic provides information about the security enhancements and new features in this release:
Security enhancements for the mid tier
- You can now log on to BMC Remedy Mid Tier using only HTTP POST requests.
- You can add an inclusion list of URLs to be redirected to when you log out of the mid tier. To add an inclusion list, add the following property in the <midTierInstallDirectory>/WEB-INF/classes/config.properties file:
Note: The inclusion list must also contain the mid tier's own URL to allow the mid tier to redirect to itself.
New parameter for encrypting information
BMC Remedy Developer Studio provides the ENCRYPT and DECRYPT functions to encrypt and decrypt data in filters and escalations, securing the operations. By default, only the 56-bit DES algorithm is used for encryption, but you can specify the 256-bit AES algorithm for better security. To enable the 256-bit AES algorithm, add the Workflow-Encryption-Algorithm:x parameter to the ar.cfg or ar.conf file, replacing x with the value that identifies the algorithm:
Workflow-Encryption-Algorithm:1 — Enter 1 to use the 56-bit DES algorithm.
Workflow-Encryption-Algorithm:7 — Enter 7 to use the 256-bit AES algorithm.
This algorithm is applied only when you use the ENCRYPT function in BMC Remedy Developer Studio.
BMC recommends that you use the 256-bit AES algorithm for better security.
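A configuration check for the parameter described above, as an added example that is not part of the BMC documentation. It reads the text of an ar.cfg or ar.conf file and reports whether workflow encryption is left on the 56-bit DES default. The function name, the sample file contents, the treatment of lines starting with `#` as comments, and the decision to flag conflicting entries for review are assumptions of this example.

```python
import re

# Values documented on this page: 1 = 56-bit DES, 7 = 256-bit AES.
ALGORITHMS = {"1": "56-bit DES", "7": "256-bit AES"}
PARAM = re.compile(r"^\s*Workflow-Encryption-Algorithm\s*:\s*(\S*)")


def audit_workflow_encryption(config_text):
    """Return (status, detail) for the contents of an ar.cfg / ar.conf file.

    Hypothetical helper written for this example; not a BMC utility.
    """
    values = []
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):  # assumption: '#' marks a comment line
            continue
        match = PARAM.match(line)
        if match:
            values.append(match.group(1))

    if not values:
        # The page states that DES is used unless the parameter says otherwise.
        return ("WEAK", "parameter absent, default 56-bit DES applies")
    if len(set(values)) > 1:
        # Which entry the server honours is not stated on the page, so flag it.
        return ("REVIEW", "conflicting values: " + ", ".join(values))
    value = values[0]
    if value == "7":
        return ("OK", ALGORITHMS[value])
    if value == "1":
        return ("WEAK", ALGORITHMS[value])
    return ("REVIEW", "value %r is not one of the documented values 1 or 7" % value)


# Constructed sample file contents, not taken from a real server.
SAMPLES = {
    "aes": "Server-Name: example\nWorkflow-Encryption-Algorithm: 7\n",
    "des": "Workflow-Encryption-Algorithm:1\n",
    "commented-out": "#Workflow-Encryption-Algorithm: 7\n",
    "conflict": "Workflow-Encryption-Algorithm: 1\nWorkflow-Encryption-Algorithm: 7\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit_workflow_encryption(text))
```

A commented-out entry is reported as WEAK because the server would still fall back to the DES default.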
Security restrictions on file uploads
You can now restrict BMC Remedy Action Request System (AR System) users from uploading and viewing files with certain extensions in BMC Remedy Mid Tier and BMC Remedy User Tool. This feature helps prevent users from uploading malicious attachments and viewing them. For more information, see Security restrictions on file uploads.