To prevent clickjacking, the X-Frame-Options header in the Remote services application is set to DENY by default. For more information about clickjacking and this setting, see the topic for WebSphere Application Server or Apache Tomcat.
After you deploy the Remote services application, you can choose whether to enter a secure or nonsecure URL to the remote document generation component in the client applications. The secure URL is included in the documentation in this information center. For more information, see Remote services URLs. If you choose to set up nonsecure document generation, any users can view the generated output documents, even if they do not have access to the data in the data source.
You can set up a proxy connection.
Rational Publishing Engine uses the DESede algorithm (Triple DES encryption) to encrypt passwords used in document specifications and templates. They are also encoded using the Base 64 encoder.
User names and passwords for the web applications are not created automatically. Rational Publishing Engine requires user names and passwords for connecting to the remote services, but not for using the Document Studio and Launcher client applications on your computer.
Data sources might require separate authentication for Rational Publishing Engine to access the data inside them. Verify the security of the data source and do not use untrusted data sources with Rational Publishing Engine. If your data source requires authentication, user names and passwords for data sources can be stored on the Rational Publishing Engine remote server, in document specification files, or in template files.
Passwords are encrypted in Rational Publishing Engine. When passwords are stored in template files and on the remote server, the characters are masked with bullets. When passwords are stored in document specification files, the characters are masked with bullets as they are being typed and are switched to asterisks after you move the cursor away from the value. If you open a document specification in a browser or XML editor, the password is encoded.
Templates or document specifications can be shared by either storing them in the Central Management component or by sending them through a method outside of Rational Publishing Engine. Before sharing a template or document specification, you must decide whether to keep or remove the user name and password from the files. In most situations, removing the user name and password from the file is recommended. Even if the password cannot be identified because it is encrypted, other users can still generate documents that might include data that those users are not otherwise permitted to see.
Rational Publishing Engine has roles for administrators and users of the remote services components, including Remote document generation, Central management system, Monitor & Control, and Report scheduling. An overview of the user roles is available in Configuring the Remote services application.
This software offering does not use cookies or other technologies to collect personally identifiable information. For more information about cookies, see the Documentation notices for IBM Rational Publishing Engine.