To reduce the risk of Cross-Site Request Forgery (CSRF) attacks, a filter checks whether the HTTP referrer header value of an incoming request is registered in the white list that is set up during product configuration. A referrer identifies the page that caused the incoming request to be sent. If the referrer header is used but the referring address does not match any of the patterns allowed in the white list, the request is rejected with an HTTP 403 error. For more information, see SAS 9.4 Intelligence Platform Middle-Tier Administration Guide.

Note: If you encounter white list issues, from SAS Management Console navigate to Application Management > SAS Application Infrastructure, and then right-click and select Properties. On the Advanced tab, add trusted hosts to the white list. For example, the value *.example.com added to the white list allows requests originating from the example.com domain to get through.
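
The following Python sketch is an added example, not SAS code, showing the decision such a referrer filter makes and why the match has to be done on the parsed host rather than on the raw header string. The function names, the sample hosts, and the assumption that `*.example.com` covers both `example.com` and its subdomains are illustrative and are not taken from the product.

```python
from urllib.parse import urlsplit

def referrer_host(referrer):
    """Return the lower-cased host of a referrer URL, or None if it cannot be parsed."""
    try:
        host = urlsplit(referrer.strip()).hostname
    except ValueError:          # malformed URL, e.g. unbalanced IPv6 brackets
        return None
    return host.lower().rstrip(".") if host else None

def host_allowed(host, patterns):
    """Match a host against white list patterns such as '*.example.com'."""
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("*."):
            base = pattern[2:]
            # Assumption: the wildcard covers the base domain and any subdomain.
            # Requiring a leading dot stops 'evilexample.com' from matching.
            if host == base or host.endswith("." + base):
                return True
        elif host == pattern:
            return True
    return False

def check_request(headers, patterns):
    """Return the HTTP status the filter would produce: 200 (pass) or 403 (reject)."""
    # 'Referer' is the header name as it appears on the wire.
    referrer = headers.get("Referer")
    if referrer is None:
        return 200              # per the text, only a header that is used gets checked
    host = referrer_host(referrer)
    if host is None or not host_allowed(host, patterns):
        return 403
    return 200

if __name__ == "__main__":
    white_list = ["*.example.com"]          # constructed sample configuration
    samples = [                             # constructed sample referrers
        "https://app.example.com/page",
        "https://evilexample.com/page",
        "https://example.com.attacker.test/page",
        "https://app.example.com@attacker.test/page",
    ]
    for ref in samples:
        print(check_request({"Referer": ref}, white_list), ref)
```

Because a request without the header passes this check, the referrer white list narrows CSRF exposure rather than eliminating it.
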
The creation and execution of the analytical logic are tasks controlled through security. In an enterprise application, the API uses authentication supported by the SAS platform to create tickets and use them with the API. The API internally processes user roles and authorization and returns a status of 401 if the operation is not allowed for a particular user. However, it will not specify implementation or representation.

All modules are discoverable and usable by an authenticated user.