Accelerite recommends the following security enhancements in RCA/HPCA. These enhancements are applicable to these versions of Radia Client Automation; 7.9, 8.1, 9.0, 9.1.
A summary of the enhancements is detailed below:
1) Role Based Access Control security enhancement
Accelerite is now performing additional validations to make sure that no unauthorized user is able to perform access control operations (assign/un-assign an existing role to an existing user account).
Accelerite has already released hotfixes for all supported versions. Customers can contact the support team to request a hotfix as applicable.
2) Extended Notify Security to validate remote notify
Customers are recommended to use Extended notify security features to secure remote Notify. These features are already available in all the supported versions of RCA/HPCA. If not enabled already, customers can enable these by either following the steps in this article:
Customers should contact the Accelerite Support team to request CSDB decks for this. These decks will contain xpi/xpc files which will need to be imported into the CSDB.