
Five Ways Semantic Web Company Has Your Back with PoolParty Security Features

April 27, 2022

Romana Lakomčíková


Technical Writer



What are the most important factors to consider when purchasing semantic software? Customer references, good user experience, comprehensive documentation or completeness? The good news is that PoolParty has it all and is one of the most secure semantic middleware platforms on the market. Read the article to find out more about the PoolParty security features that help to keep your data safe.

Password123

We’ve all been there. During onboarding or later on, employees typically undergo a series of security trainings where they get to know the most important password management practices. Examples of such practices include choosing long and unique passwords containing multiple character sets. Yet when faced with the actual task of setting a new password, our brain somehow freezes and we resort to the good old 123456, qwerty, password1 or use the same password as we do for our mailbox.

If you are an administrator at your organization, you probably have already wondered how to prevent such situations from happening. The good news is that PoolParty has your back on this. Our software comes with a predefined password policy, which can be configured depending on your individual needs and security regulations at your company.

Did you know? PoolParty provides various ways to authenticate users. You can either rely on our default password verification or leverage your existing authentication infrastructure using SAML and LDAP protocols. Check out our Administrator Guide to find out more.

By default, PoolParty users are required:

      • to select a password that is at least 8 characters long
      • to change their password when they log in for the first time

You can change these default settings as well as enable optional ones. This way, you can enforce, for example, that:

      • minimum password length is 10 characters
      • passwords must contain upper-case and lower-case letters as well as digits and punctuation characters
      • users have to change their passwords every 90 days
      • users cannot use their last 7 passwords
      • user account gets locked after 5 failed login attempts (no worries, you can unlock the account later on in the User Administration module)
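The policy described above, applied at password-set and login time, as an added Python example that is not PoolParty’s code. The values (10 characters, four character classes, 90 days, last 7 passwords, 5 failed attempts) are the post’s example settings; the POLICY dictionary keys, the Account class, the PBKDF2 storage of password history and the unlock() helper are this example’s own assumptions, not PoolParty’s poolparty.properties parameters (those are listed in the Administrator Guide).

```python
import hashlib
import hmac
import re
from datetime import datetime, timedelta

# Policy values are the example settings from the post; the dictionary keys are
# this example's own names, not PoolParty's poolparty.properties parameters.
POLICY = {
    "min_length": 10,
    "require_classes": True,    # upper case, lower case, digit, punctuation
    "max_age_days": 90,
    "history_size": 7,
    "lockout_threshold": 5,
}

CLASS_PATTERNS = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "punctuation": re.compile(r"[^A-Za-z0-9\s]"),
}


def _digest(password, salt):
    # History entries are PBKDF2 digests, never plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class Account:
    def __init__(self, username, salt=b"constructed-per-user-salt"):
        self.username = username
        self.salt = salt                 # constructed; use a random per-user salt in practice
        self.history = []                # digests, oldest first, current password last
        self.password_set_at = None
        self.failed_logins = 0
        self.locked = False
        self.must_change = True          # default: change password on first login


def check_password_strength(password, policy=POLICY):
    """Return the list of policy violations (empty means the password is acceptable)."""
    problems = []
    if len(password) < policy["min_length"]:
        problems.append(f"shorter than {policy['min_length']} characters")
    if policy["require_classes"]:
        for name, pattern in CLASS_PATTERNS.items():
            if not pattern.search(password):
                problems.append(f"missing {name} character")
    return problems


def set_password(account, new_password, now, policy=POLICY):
    """Apply strength and history rules; on success record the new digest and timestamp."""
    problems = check_password_strength(new_password, policy)
    digest = _digest(new_password, account.salt)
    recent = account.history[-policy["history_size"]:]
    if any(hmac.compare_digest(digest, old) for old in recent):
        problems.append(f"reuses one of the last {policy['history_size']} passwords")
    if problems:
        return problems
    account.history = (account.history + [digest])[-policy["history_size"]:]
    account.password_set_at = now
    account.must_change = False
    return []


def password_expired(account, now, policy=POLICY):
    if account.password_set_at is None:
        return True
    return now - account.password_set_at > timedelta(days=policy["max_age_days"])


def attempt_login(account, password, now, policy=POLICY):
    """Return 'ok', 'change_required', 'denied' or 'locked'."""
    if account.locked:
        return "locked"
    current = account.history[-1] if account.history else None
    if current is not None and hmac.compare_digest(_digest(password, account.salt), current):
        account.failed_logins = 0
        if account.must_change or password_expired(account, now, policy):
            return "change_required"
        return "ok"
    account.failed_logins += 1
    if account.failed_logins >= policy["lockout_threshold"]:
        account.locked = True            # stays locked until an administrator unlocks it
        return "locked"
    return "denied"


def unlock(account):
    """Model of what the User Administration module does for a locked account."""
    account.locked = False
    account.failed_logins = 0
```

The history check compares digests with hmac.compare_digest and keeps only the last seven entries, so after seven rotations an old password becomes usable again, exactly as the rule states; a correct password on a locked or expired account never silently succeeds, it returns 'locked' or 'change_required'.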

To enforce your individual password policy in PoolParty:

1. Find the poolparty.properties file in these paths:

Linux: <PPAppDir>/config

Windows: <drive>:\<PPAppDir>\config\

2. Set the relevant parameters. See our Administrator Guide for a full list.

3. Restart the PoolParty server for the changes to take effect.

Gotcha, captcha!

Are you afraid of bots and other malicious software potentially attacking your PoolParty instance? One of the easiest ways to secure your PoolParty from cybercriminals’ brute-force attacks is to add a reCaptcha widget.

Various captcha systems have been around since the late 1990s and Google’s reCaptcha is currently one of the most popular among them. It automatically verifies whether you are a human or a bot based on your overall behavior (reCAPTCHA v3) or how well you do in a challenge (reCAPTCHA v2). This challenge might be as simple as selecting the “I’m not a robot” checkbox or a more complex one where you for instance need to select all images with cars. See Google’s Developer’s Guide to learn more about the differences between reCAPTCHA v2 and reCAPTCHA v3.

If you want to add a reCaptcha widget to PoolParty’s login page, make sure to register for an API key pair (site key + secret key) with Google first. Once you know the site key and secret key:

1. Find the poolparty.properties file in these paths:

Linux: <PPAppDir>/config

Windows: <drive>:\<PPAppDir>\config\

2. Set the security.captcha.secret and security.captcha.site parameters.

3. Restart the PoolParty server for the changes to take effect.

Visit our Administrator Guide to find out more about reCaptchas in PoolParty.

Users, Admins, Superadmins…

PoolPartyUser, PoolPartyAdmin and PoolPartySuperAdmin are just a few examples of the user roles that come with PoolParty by default. When it comes to access management, our software relies on a sophisticated system of user groups and roles to help you manage the data classification of your project.

In practice, whether PoolParty users can access a given resource (projects, custom schemes and ontologies) depends on the group they are assigned to. Roles, on the other hand, determine which permissions they have while interacting with these resources.

In other words, if you wonder why you cannot see the thesaurus project your colleague Miranda mentioned to you last week, check which groups you are assigned to. If you can see it but wonder why you cannot add any concepts to it, check your project role.

Did you know? PoolParty comes with a fixed set of user roles (see our User Guide for Knowledge Engineers for a full list) and one default group. You can add your own groups in just 5 steps.

Long live the session! (Or not.)

Imagine that you are a knowledge engineer and you log in to the Thesaurus Manager Server to add new concepts to the thesaurus project you are currently working on. After a while, you get an email urging you to attend an important meeting. You minimize the PoolParty window, leaving your session running in the background. As innocent as it may seem, this practice leaves the door open for various security exploits.

PoolParty security features help you prevent cases like this proactively with a default session timeout of 30 minutes. You can also set a custom session timeout. First, you need to establish how long an inactive user should stay logged in. The actual time usually depends on the risk profile of the data stored in PoolParty and is always a trade-off between user experience (frequent reauthentication may leave your users frustrated) and security (remember, long-lived sessions might pose a security threat). Once you decide, do the following:

1. Find the poolparty.properties file in these paths:

Linux: <PPAppDir>/config

Windows: <drive>:\<PPAppDir>\config\

2. Change the value of the poolparty.session.timeout parameter.

3. Restart the PoolParty server for the changes to take effect.
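A small configuration check covering both the reCaptcha settings and the session timeout above, as an added Python example that is not PoolParty’s code. It reads a constructed poolparty.properties fragment and reports the two mistakes a practitioner most often makes: setting only one of security.captcha.site / security.captcha.secret, and leaving poolparty.session.timeout missing, non-numeric or far above the agreed limit. The three parameter names are the ones given in this post; the sample values, the parser and the max_timeout ceiling are this example’s own, and the ceiling is assumed to be in the same unit as the parameter (taken here as minutes, matching the 30-minute default).

```python
import re

# Constructed poolparty.properties fragment. security.captcha.site,
# security.captcha.secret and poolparty.session.timeout are the parameter
# names given in the post; the values are placeholders, not real keys.
SAMPLE_PROPERTIES = """\
# PoolParty configuration (constructed sample)
security.captcha.site=EXAMPLE-SITE-KEY
security.captcha.secret=
poolparty.session.timeout = 30
"""


def parse_properties(text):
    """Minimal Java .properties reader: '#'/'!' comments, '=' or ':' separators,
    trailing-backslash line continuations. Unicode escapes are not handled."""
    props = {}
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            pending += line[:-1]          # value continues on the next line
            continue
        entry, pending = pending + line, ""
        match = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", entry)
        if match:
            props[match.group(1)] = match.group(2).strip()
    return props


def lint_security_settings(props, max_timeout=30):
    """Return human-readable findings; an empty list means the settings pass.
    max_timeout is this example's own policy ceiling, assumed to use the same
    unit as poolparty.session.timeout (minutes, matching the 30-minute default)."""
    findings = []

    # The widget needs both halves of the Google key pair.
    site = props.get("security.captcha.site", "")
    secret = props.get("security.captcha.secret", "")
    if bool(site) != bool(secret):
        findings.append("captcha: security.captcha.site and security.captcha.secret must both be set")
    elif not site:
        findings.append("captcha: not configured; the login page has no reCaptcha widget")

    raw = props.get("poolparty.session.timeout")
    if raw is None:
        findings.append("session: poolparty.session.timeout not set; the default of 30 minutes applies")
    else:
        try:
            timeout = int(raw)
        except ValueError:
            findings.append(f"session: poolparty.session.timeout is not an integer: {raw!r}")
        else:
            if timeout <= 0:
                findings.append(f"session: timeout must be positive, got {timeout}")
            elif timeout > max_timeout:
                findings.append(f"session: timeout {timeout} exceeds the policy ceiling of {max_timeout}")
    return findings


if __name__ == "__main__":
    for finding in lint_security_settings(parse_properties(SAMPLE_PROPERTIES)):
        print(finding)
```

Because the secret key is a credential, the file that holds it should be readable only by the account the PoolParty server runs as; the linter deliberately prints finding text and never the key values themselves.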

Did you know? Establishing a session timeout is one of OWASP’s recommendations for secure software. See our Information & Application Security White Paper to find out more on how OWASP’s software security guidelines translate into the day-to-day practices at our software engineering department.

Of course, security conscious users can always close their session manually. The Logout button is conveniently located in the User Menu and is always accessible from everywhere in the software.

PoolParty’s time machine

Do you ever wish you could go back in time? With PoolParty’s snapshot functionality, traveling in time is no longer just wishful thinking.

There are various reasons why something may go wrong with your thesaurus project. You may want to autopopulate your thesaurus with linked open data and it doesn’t go as planned, there might be a hardware-related server incident, or your data gets corrupted as a result of a malicious attack. One way or another, you can count on our automatic snapshots. By default, a PoolParty security feature ensures that the system takes a snapshot of your project every 10 minutes. If you need to take snapshots more frequently, consider changing the default time interval (possible values are disabled, 5, 10, 15 or 30 minutes) or taking snapshots manually.

One of the main differences between the snapshots created manually and automatically is that the system can store as many as 5 automatic snapshots, but there is no limit when it comes to the number of manual snapshots. Another difference is that with manual snapshots, you can add a note.

[Figure: workflow of how a user takes snapshots in PoolParty]

Curious to learn more? See our detailed documentation on the snapshot functionality in PoolParty.

Did you know? Automatic snapshots are disabled while a project is being modified via the API. This gives you the freedom to decide on the best moment to take a snapshot.
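A model of the snapshot rules described in this section (interval restricted to disabled, 5, 10, 15 or 30 minutes; at most 5 automatic snapshots retained; unlimited manual snapshots with a note; automatic snapshots suppressed during API modification), as an added Python example. It is not PoolParty’s code: the SnapshotStore class, the tick() scheduler hook and the project state dictionaries are this example’s own assumptions, written so the retention behaviour can be exercised offline.

```python
from collections import deque
from datetime import datetime, timedelta

AUTO_INTERVALS = ("disabled", 5, 10, 15, 30)   # allowed values named in the post
AUTO_LIMIT = 5                                  # automatic snapshots retained


class SnapshotStore:
    """Model of the snapshot rules as the post describes them (not PoolParty's code)."""

    def __init__(self, auto_interval=10):
        if auto_interval not in AUTO_INTERVALS:
            raise ValueError(f"interval must be one of {AUTO_INTERVALS}, got {auto_interval!r}")
        self.auto_interval = auto_interval
        self.automatic = deque(maxlen=AUTO_LIMIT)   # appending a 6th drops the oldest
        self.manual = []                            # no limit; each carries a note
        self.api_edit_in_progress = False           # suppresses automatic snapshots
        self._last_auto = None

    def tick(self, now, project_state):
        """Scheduler hook: take an automatic snapshot if one is due and not suppressed."""
        if self.auto_interval == "disabled" or self.api_edit_in_progress:
            return None
        if self._last_auto is not None and now - self._last_auto < timedelta(minutes=self.auto_interval):
            return None
        snap = {"kind": "automatic", "taken_at": now, "state": dict(project_state)}
        self.automatic.append(snap)
        self._last_auto = now
        return snap

    def take_manual(self, now, project_state, note):
        """Manual snapshots are unlimited and annotated."""
        snap = {"kind": "manual", "taken_at": now, "state": dict(project_state), "note": note}
        self.manual.append(snap)
        return snap

    def latest_before(self, when):
        """Most recent snapshot of either kind taken at or before `when`, for a rollback."""
        candidates = [s for s in list(self.automatic) + self.manual if s["taken_at"] <= when]
        return max(candidates, key=lambda s: s["taken_at"], default=None)

    @staticmethod
    def restore(snap):
        """Return a copy of the saved project state."""
        return dict(snap["state"])


if __name__ == "__main__":
    # Constructed timeline: a scheduler ticks every 10 minutes for 80 minutes.
    store = SnapshotStore()
    start = datetime(2022, 4, 27, 9, 0)
    for i in range(8):
        store.tick(start + timedelta(minutes=10 * i), {"concepts": i})
    print(len(store.automatic), "automatic snapshots kept; oldest state:", store.automatic[0]["state"])
```

The practical lesson the model makes visible: with a 10-minute interval and a 5-snapshot cap, automatic snapshots only reach back 50 minutes, and a long API-driven import leaves no automatic snapshots at all for its duration, so a manual snapshot before a risky operation is the one you will actually restore from.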


Want to see more of our Technical Writers’ work or detailed instructions about the PoolParty functionalities? Visit our Help Documentation site!

Learn more about our security processes by reading the free white paper.
