Security
Security is managed by both DivePort and DiveLine using the following protocols and processes:
Transport Layer Security
Transport Layer Security (TLS) is a cryptographic protocol that provides communications security between DivePort on the Tomcat server and DivePort users' web browsers.
The TLS protocol handles web client/server authentication. When the browser first attempts to communicate with the server, the server presents the browser with a certificate, which authenticates the website. Users can add the certificate to their Trusted Root Certification Authorities or Trusted Publishers store in their browser. Otherwise, they must acknowledge the certificate each time they log in.
See also: Installing Client Browser Certificates.
Encryption
All communication between DivePort and DiveLine uses the proprietary Dimensional Insight DiveLine Protocol. This communication is encrypted.
Authentication and Authorization
DiveLine is the repository of usernames and (optionally) passwords. When a user logs on to DivePort, the authentication process is managed by DiveLine. DiveLine uses the following methods (OWN, System, Web Server,
User profiles and group membership are set in DiveLine using Workbench. Only authenticated users can view or access data, and then, only the data they have been given permission to view or access.
DivePort reports any user or group access changes to DiveLine. These changes are written to a configuration change log.
During DivePort setup, all DiveLine administrators are designated as DivePort administrators. Later, additional users can be specified as DivePort administrators, or DiveLine administrators can be demoted to user level. For more information, see Managing User Access.
DivePort administrators have access to all command tabs. They can configure DivePort settings, control user access, and edit pages and portlets.
A DivePort administrator is considered a super user and has access to all environments, pages, and portlets. If the DivePort administrator is also a DiveLine administrator, all DivePort content is accessible.
User Administration
DivePort offers multiple levels of control to the portal, to the user interface, and to the content. For more information, see User Access to DivePort Content.
Access Control
Diver Platform and Diver Solution utilize access control rules to specify who can access cBases or model data. In addition, audit rules log information about which users have seen sensitive data.
Unsuccessful or Unauthorized Log On Attempts
You can enable a welcome message that displays when a user logs on. This message can include information about the last time the user account was used, and the number of failed logon attempts since then. This can alert you to a security breach if it shows that the last successful logon date and time is different from when the user last logged on, or if an unknown person tried to access the user account. See also Logging On.
SELinux
If using SELinux on Red Hat 7.x, ensure that the webdata and webapps folders have the appropriate filesystem labels for Tomcat to be able to access them (for example, tomcat_var_lib_t). For more information, see Red Hat documentation.
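One way to verify those labels, as an added example that is not part of the DivePort documentation: the script reads the SELinux context of every entry under the directories you pass it and reports any whose type is not the expected one. The expected type is the page's example, tomcat_var_lib_t; the directory arguments, the script name, and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not vendor code: report files under the DivePort webdata and
# webapps folders whose SELinux type is not the one Tomcat is allowed to read.
# Usage: sh check_labels.sh /path/to/webdata /path/to/webapps   (paths are yours)
# A constructed sample of the lines it parses:
#   system_u:object_r:tomcat_var_lib_t:s0 /srv/example/webdata/index.xml

# The page gives tomcat_var_lib_t as an example; override if your policy differs.
EXPECTED_TYPE="${EXPECTED_TYPE:-tomcat_var_lib_t}"

# Print the type field of a context string (user:role:type:level).
# The level may contain colons itself (s0:c0.c1023), so only field 3 is used.
# Prints nothing for "?" or any other string that is not a full context.
selinux_type() {
    printf '%s\n' "$1" | awk -F: 'NF >= 4 { print $3 }'
}

# Succeed only when the context carries the expected type.
label_ok() {
    [ "$(selinux_type "$1")" = "$EXPECTED_TYPE" ]
}

# Read "context path" lines on stdin, print each mismatch, and return 1 if
# there was at least one. The path is the rest of the line, so spaces survive.
report_mismatches() {
    rc=0
    while read -r context path; do
        [ -n "$context" ] || continue
        if ! label_ok "$context"; then
            printf 'MISMATCH %s %s\n' "$context" "$path"
            rc=1
        fi
    done
    return "$rc"
}

# Audit every file and directory under the given roots (GNU stat: %C = context).
audit_tree() {
    find "$@" -exec stat -c '%C %n' {} + | report_mismatches
}

# Run only when directories are passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_tree "$@"
fi
```

Mismatches are normally corrected with semanage fcontext and restorecon, as covered in the Red Hat documentation.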
Preventing Indexing
DivePort prevents search engine indexing by inserting a noindex meta tag on all pages.