Article
· 23 Nov 2023 · 3 min read

Enabling SSL/TLS mutual-authentication encrypted communication between DBServer and ECPApp in IRISHealth

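IRISHealth stands out among databases in the healthcare industry for its complete and systematic security features, which include authentication, authorization, auditing, data encryption and secure configuration. Of these, data transmission is undoubtedly the most important link. IRISHealth therefore uses SSL/TLS to encrypt data in transit, protecting superserver traffic on the IRIS data platform, Telnet service traffic, access traffic from Java/.NET/Studio clients, traffic between MIRROR and DB, and traffic between DBServer and ECPApp.

This article is an example of ECP service communication between two IRISHealth2021 instances, one acting as DBServer and the other as ECPApp. The two instances communicate over TCP using the ECP protocol, encrypted with SSL/TLS.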

1. IRIS DB and ECP environment:

DBServer       ECPApp
10.1.30.231    10.1.30.232


2. CA certificate environment:

                       CA root server   DBServer        ECPApp
Host                   10.1.30.231      10.1.30.231     10.1.30.232
Certificate            CARoot.cer       DataSever.cer   ECPApp.cer
Private key            CARoot.key       DataSever.key   ECPApp.key
Private key password   123              data123         ecp123

  • Set up the root certificate server under System > Security Management > Public Key Infrastructure - (security settings), and approve the certificates requested by DBServer and ECPApp.


3. DBServer configuration:

3.1 Enable Superserver SSL/TLS support

  • Under System > Security Management > System-wide Security Parameters - (security settings), select Enable for Superserver SSL/TLS support

3.2 Enable the ECP service (The ECP service is Enabled)

  • System > Configuration > ECP Settings - (configuration settings)

  • This System as an ECP Data Server

  • ECP SSL/TLS support set to Required --> communication is possible only over SSL/TLS
  • ECP SSL/TLS support set to Disabled --> communication over SSL/TLS is not possible
  • ECP SSL/TLS support set to Enabled --> communication is possible either over SSL/TLS or without it


3.3 Create the SSL/TLS configuration for the ECP Data Server, named %ECPServer

  • Configure it through the Edit SSL/TLS '%ECPServer' link under System > Configuration > ECP Settings - (configuration settings)
  • It can also be viewed under System > Security Management > SSL/TLS Configurations > Edit SSL/TLS Configuration - (security settings); the content is the same

4. ECPApp configuration:

4.1 Create the SSL/TLS configuration for the ECP Application Server, named %ECPClient

  • Configure it through the Edit SSL/TLS '%ECPClient' link under System > Configuration > ECP Settings - (configuration settings)

  • It can also be viewed under System > Security Management > SSL/TLS Configurations > Edit SSL/TLS Configuration - (security settings); the content is the same.

4.2 Create the ECP Data Connection

  • System > Configuration > ECP Settings > ECP Data Servers, then click Add Server

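5. Authorize the ECP connection on the DataServer

  • System > Configuration > ECP Settings > ECP Application Servers

  • After authorization, the configuration of SSL/TLS mutual-authentication encrypted communication between DBServer and ECPApp is complete.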
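
The %ECPServer and %ECPClient configurations from steps 3.3 and 4.1 can also be created in ObjectScript with the Security.SSLConfigs class. This is an added example, not code from the original article: the class name Demo.EcpTls, the certificate directory argument and the VerifyPeer levels (the values that mutual authentication needs) are assumptions, while the configuration names and file names are the article's.

```objectscript
/// Added example (not from the original article).
/// Demo.EcpTls and the "dir" argument are hypothetical names.
Class Demo.EcpTls
{

/// dir         : directory holding the certificate files, with trailing separator (assumption)
/// isServer    : 1 on DBServer (%ECPServer), 0 on ECPApp (%ECPClient)
/// keyPassword : password of the instance's private key
ClassMethod Create(dir As %String, isServer As %Boolean, keyPassword As %String) As %Status
{
    // Security.SSLConfigs is only available in the %SYS namespace
    new $namespace
    set $namespace = "%SYS"

    set name = $select(isServer: "%ECPServer", 1: "%ECPClient")
    // File names exactly as listed in the CA certificate table of the article
    set base = $select(isServer: "DataSever", 1: "ECPApp")

    set props("Description") = "ECP mutual TLS"
    set props("Enabled") = 1
    set props("Type") = $select(isServer: 1, 1: 0)   // 1 = server, 0 = client

    // Mutual authentication depends on both sides verifying the peer:
    //   server: 3 = Require a client certificate (1 = Request would still
    //           accept a client whose certificate fails verification)
    //   client: 1 = Require a valid server certificate
    set props("VerifyPeer") = $select(isServer: 3, 1: 1)

    set props("CAFile") = dir _ "CARoot.cer"          // trusted root used to verify the peer
    set props("CertificateFile") = dir _ base _ ".cer"
    set props("PrivateKeyFile") = dir _ base _ ".key"
    set props("PrivateKeyPassword") = keyPassword

    // Update the configuration if the ECP Settings page already created it
    if ##class(Security.SSLConfigs).Exists(name) {
        quit ##class(Security.SSLConfigs).Modify(name, .props)
    }
    quit ##class(Security.SSLConfigs).Create(name, .props)
}

}
```

Run it once on each instance, with isServer set to 1 on DBServer and 0 on ECPApp; with VerifyPeer left at 0 on either side the link is still encrypted but that side no longer authenticates its peer.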
Question
· 22 Nov 2023

Handling CDATA in XML Responses: Removing <![CDATA[]]> in String Properties for Clean Integration

Hello,

First of all thanks for your help.

We have the following scenario: some responses include special characters such as ">" and "<", which are being put inside a property defined as:

Property PACPROBLEMAS As %String(MAXLEN = "", XMLNAME = "PAC_PROBLEMAS");

 

So then, when we observe the LOG SOAP it shows that the Target System replies to the ESB as follows:

➡️ <PAC_PROBLEMAS>46807#278.01#OBESIDAD INFANTIL GRAVE     ( Z-SCORE IMC &gt;2,70 ) #19/09/2019##N#</PAC_PROBLEMAS>

 

However when we observe the Visual Trace, the message being replied from the Operation to the Process has a CDATA section as you could see:

➡️ <s01:PAC_PROBLEMAS><![CDATA[46807#278.01#OBESIDAD INFANTIL GRAVE     ( Z-SCORE IMC >2,70 )#19/09/2019##N#S]]>
</s01:PAC_PROBLEMAS>

 

We do need to find a way to remove the <![CDATA[]]> because the system which receives the response needs it to be raw without any CDATA.

We have checked that it only shows this behaviour with special characters which conflict with the ones that are used in XML, such as ">" and "<".

 

We have investigated the following options:

📌 Declare CONTENT = "ESCAPE"

Property PACPROBLEMAS As %String(CONTENT = "ESCAPE", MAXLEN = "", XMLNAME = "PAC_PROBLEMAS");

It still behaves the same

 

📌 Declare ESCAPE = "HTML"

Property PACPROBLEMAS As %String(ESCAPE = "HTML", MAXLEN = "", XMLNAME = "PAC_PROBLEMAS");
It behaves similarly

 

📌 Declare ESCAPE = "XML"

Property PACPROBLEMAS As %String(ESCAPE = "XML", MAXLEN = "", XMLNAME = "PAC_PROBLEMAS");

It just shows the same behaviour

 

We have also read:

https://docs.intersystems.com/irisforhealthlatest/csp/documatic/%25CSP.D...

https://community.intersystems.com/post/convert-string-property-cdata-an...

https://community.intersystems.com/post/there-way-automatically-remove-s...

 

However the previous post does not cover this topic.

Could you help us please?

🔎 How could we remove <![CDATA[]]> in a String property? 📍  

Could we declare there any properties, parameters, configurations or options to remove it?

What is the most recommended and clean way to achieve this?

 

Thanks for your help, time, answers, teaching and support.

Question
· 21 Nov 2023

Configure SQL.OutboundAdapter to SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED

Hi,

DBA has asked me to configure a working Business Operation using a SQL.OutboundAdapter (connecting to external MSSQL server) to run as TRANSACTION ISOLATION LEVEL READ UNCOMMITTED.

I would like help with an example of how this is done.

Thanks

Question
· 20 Nov 2023

Error on FHIR resource publish through Process to FHIR repository

I have received 2 errors while publishing Patient data to repository. Message viewer displays like below and the Application log found  bold content.

Could you please help me on this to resolve the errors.

An error occurred with the web application.
It has been logged to system error log (System Operation>System Logs>Application Error Log).

"<METHOD DOES NOT EXIST>OnPage+42^EnsPortal.MessageContents.1 *%Id,HS.FHIRServer.API.Data.Request : CSP Error"

Business Operation Event logs displays "ERROR <Ens>ErrRequestNotHandled: Request message '3@HS.FHIRServer.API.Data.Request' not handled"

Please suggest what is the issue here ..

Thanks,

Question
· 20 Nov 2023

Optimizing HL7 Routing Rules: Filtering ADT_A08 Messages Without OBXs

Hello,

First of all thanks for your time reading this doubt.

We have discovered the following behaviour. Inside a Router we have a rule which needs to filter out the ADT_A08 messages which have no OBXs.

The legacy system had this rule implemented:

(((Document.{OBX(1).SetIDOBX}<"1")||((Document.{EVN:EventReasonCode}!="COD")&&(Document.{EVN:EventReasonCode}!="FIN")))

 

However we have tested it and it does not filter out the ADT_A08 messages.

Is there any way to express inside a Rule that we need to discard ADT_A08 messages which have no OBXs?

 

We have been investigating this class, which provides the functions to use inside a Rule: "Ens.Util.FunctionSet"

We do observe a "Contains" function but we do not see a "Count" function.

 

We have also read:

How to work with Rules: https://docs.intersystems.com/irislatest/csp/docbook/Doc.View.cls?KEY=EB...

How is Routing Rule Editor expected to work: https://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY...

 

Could you help us please?

 

Thank you for your time, thoughts, replies and for your help.

Thanks.
