Security considerations for Rational DOORS

You can take actions to ensure that your installation is secure, customize your security settings, and set up user access controls. You can also ensure that you know about any security limitations that you might encounter with this application.

Enabling security during the install process

The IBM® Rational® DOORS® security model provides a secure connection with certificates and client-side authorization and authentication. When enabled, server security replicates a set of security checks on the server. To enable server-side security, you must install and configure the Rational DOORS Web Access server and the server security version of the Rational DOORS client and database server.

To protect against cross-site request forgery (CSRF) attacks, administrators can set a property in the Rational DOORS festival.xml file. See Modifying the core configuration file.

Enabling secure communication between multiple applications

Security for integrations that use Open Services for Lifecycle Collaboration (OSLC) is provided by OAuth 1.0a, which is an open protocol that provides secure API authorization.

Ports, protocols, and services

You can configure Rational DOORS so that users can log on only by using smart cards or certificates.
You can configure Rational DOORS Web Access to use Secure Sockets Layer (SSL) so that it is served over HTTPS. You can also configure Rational DOORS Web Access so that users can access it by using smart cards instead of logging in with a user name and a password.
Your team can use electronic signatures with module baselines to provide a secure way to review and sign information at various stages of the development process.

Setting up user roles and access

You can set the login policy that controls the level of security for the Rational DOORS database.
You can create users and user groups and configure password rules for maintaining user security. You can enable system user names to log in to the Rational DOORS database. System user names are the names that individuals use to log in to their computers, for example their Windows user names. The Rational DOORS database server can keep a record of every failed login and every successful login.

You can configure access rights for each item of data in your Rational DOORS database. Rational DOORS provides five access rights for user groups: read, modify, create, delete, and administrative control.

Privacy policy considerations

Depending on the configurations that are deployed, this software offering might use cookies that can help enable you to collect personally identifiable information. For information about this offering’s use of cookies, see the "Privacy policy considerations" section in Documentation notices for IBM Rational DOORS.

