ALIM | Exor - Wiki Web Server Security

    Web Server Security

      Product(s): Exor TMA API and Web Service
      Version(s): 04.05.00.00
      Environment: N/A
      Area: Security
      Subarea: N/A

    FAQ

    We are often asked what security should be applied to the TMA web server. Infrastructure security isn’t something we usually get involved with; however, our Professional Services department can help implement changes when required. That said, below are some notes which may help you.

    Your TMA Web Server should be sited within a DMZ, as per the EToN Technical Specification; any server vulnerabilities should therefore be outside of your main corporate firewall. The EToN Technical Specification describes what security can and can’t be implemented: see pages 116-122 of the EToN Technical Specification v5.01, or pages 137-142 of ETS v6.

    In order to remain compliant with the legislation, you should thoroughly read this document before making any changes to your web server.

    One particularly important section to note is below:

    EToN requires basic security but not a comprehensive solution appropriate for some transactional web services. EToN is a closed system where all users are pre-determined and there are no intermediaries, and no need for partner applications to share user authentication, authorisation and access information. The aim is to provide adequate security consistent with the non-critical, non-confidential nature of EToN.

    Receiving systems must therefore not block any incoming transaction that conforms to the requirements of this specification. Examples of techniques that should not be used include:

    • IP Address Recognition
    • HTTP Authentication
    • Additional SOAP functionality (e.g. WS-Security) not defined in this specification and associated WSDL.

    Firewall requirements

    Firewalls and proxy servers should be configured to allow interoperable web services as specified above, i.e. allow unsolicited SOAP messages over HTTP / HTTPS. The method(s) of achieving this whilst protecting internal corporate systems and data is a matter for individual organisations.

    Figure 7.2 shows an example of web service behind a demilitarized zone (DMZ). However, it is assumed that not all IT infrastructures will use a DMZ with servers outside of the firewall.

    The Exor TMA web service software is integrated within Oracle and has its own secure method of contacting your database. One common change is to hide the Oracle Enterprise Manager and WebLogic console pages from the outside world. There are various ways you can do this, and there are several articles on the internet which may help; however, one simple solution would be to redirect all incoming web traffic from the outside world to the EToN end point using your firewall or proxy server software. As long as the EToN web service endpoint (notice URL) and associated WSDL file are still accessible to the outside world, you should be compliant, i.e. http://tma.organisation-name.gov.uk/EToN/EToNSoap12 and http://tma.organisation-name.gov.uk/EToN/EToNSoap12?WSDL
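
One way to confirm from outside the firewall that the change described above did what was intended, as an added example (not code from this article or from Bentley). It assumes the article's placeholder host and the usual `/console` and `/em` paths for the WebLogic console and Enterprise Manager; the observation sets are constructed.

```python
import urllib.error
import urllib.request

# Assumptions: BASE is the article's placeholder host; /console and /em are the
# usual WebLogic console and Enterprise Manager paths (adjust to your install).
BASE = "http://tma.organisation-name.gov.uk"
MUST_BE_OPEN = ["/EToN/EToNSoap12", "/EToN/EToNSoap12?WSDL"]
MUST_BE_HIDDEN = ["/console", "/em"]
REDIRECTS = (301, 302, 303, 307, 308)

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx instead of following it

def probe(path, base=BASE, timeout=10):
    """GET base+path from an external host; return (status, Location)."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(base + path, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location", "")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location", "")
    except OSError:
        return None, ""  # refused, timed out or DNS failure

def evaluate(observations):
    """Map {path: (status, location)} to a list of (path, problem) findings."""
    findings = []
    for path in MUST_BE_OPEN:
        status, _ = observations.get(path, (None, ""))
        if status is None:
            findings.append((path, "unreachable from outside"))
        elif status == 401:
            findings.append((path, "HTTP authentication blocks EToN senders"))
        elif status in (403, 404):
            findings.append((path, f"blocked or missing ({status})"))
    for path in MUST_BE_HIDDEN:
        status, location = observations.get(path, (None, ""))
        to_eton = status in REDIRECTS and "/EToN/" in location
        if status not in (None, 403, 404) and not to_eton:
            findings.append((path, f"admin page answers externally ({status})"))
    return findings

# Constructed observations, not real scan output.
OPEN_OK = {p: (200, "") for p in MUST_BE_OPEN}
BEFORE = {**OPEN_OK, "/console": (302, "/console/login/LoginForm.jsp"), "/em": (200, "")}
AFTER = {**OPEN_OK, "/console": (302, BASE + "/EToN/EToNSoap12"), "/em": (404, "")}

if __name__ == "__main__":
    for name, obs in (("before", BEFORE), ("after", AFTER)):
        print(name, evaluate(obs))
```

For a live check, build the observations with `{p: probe(p) for p in MUST_BE_OPEN + MUST_BE_HIDDEN}` from a machine outside the corporate network and pass them to `evaluate`.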

    If you would like some assistance or further advice from our Professional Services department, then please contact your Bentley Account Manager.

    See Also:

    ETS v6 - https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/181675/eton-6-technical-specification.pdf

    ETS v501 - http://webarchive.nationalarchives.gov.uk/+/www.dft.gov.uk/pgr/roads/network/local/streetworks/cop/pdfelectronictransnotices.pdf

      Original Author: Lee Jackson
    • eton
    • SOAP
    • Web Service
    • tma
    • Security
    • WSDL
    • notice URL
    • Created by Bentley Colleague Lee Jackson
    • When: Tue, Oct 8 2013 11:33 AM
    • Last revision by Bentley Colleague Sarah Willis-Culpitt
    • When: Fri, Jun 9 2017 4:40 AM
    • Revisions: 12
    © 2021 Bentley Systems, Incorporated