DX NetOps

  • 1.  Protect CA DA's Rest API using a password?

    Posted Jan 31, 2018 11:30 AM

    Before opening an idea or a ticket @CA I'd like to ask the question in the community.

     

    The REST API of the CA PM Data Aggregator (DA) is currently without any access control, i.e. everybody who knows the REST commands can delete the whole device configuration of CA PM. The documentation of the CA DA is publicly available on the CA docops portal, so it is more than easy to get the right REST calls to delete the configuration if somebody knows that there is a CA DA server in the network he can access.

     

    Is it possible to protect the Rest API using a password?



  • 2.  Re: Protect CA DA's Rest API using a password?
    Best Answer

    Broadcom Employee
    Posted Feb 02, 2018 03:35 PM

    Hello Hilmar,

     

    You are unfortunately correct, there is no protection or access authorization code in place for DA REST functions.

     

    This Idea request may be of interest. It requests the DB connection info in the DA be secured. The more up votes it gets the better.

     

    IM DA security enhancement request 

     

    This Idea was implemented as of 2.8 and provides for control of the data passed between DA and DC.

     

    secure Datacollector traffic to DA 

     

    I found out that coming in the r3.6 release we are adding support for the DA to be configured so it runs using https.

     

    Unfortunately that won't come with username/password protection for rest yet.

     

    It appears that REST security for the DA is on their minds, but it wouldn't hurt for a specific Idea to be submitted requesting it. Once more, the more up votes it gets (the squeaky wheel gets the grease), the more likely it is to be considered for inclusion in a future release.

     

    Thanks,

    Mike



  • 3.  Re: Protect CA DA's Rest API using a password?

    Posted Feb 05, 2018 12:06 PM

    Hi Mike,

     

    Thanks for the investigation for now. So, I'll open a new idea for this.