Beyond authentication, authorization, and auditing, Pega Platform offers many other security features that you can configure, such as encryption, HTTP response headers, and Web Service Security profiles. Use these features to ensure that your system is as secure as possible.
- Encrypting data
To make your data more secure, you can select the type of encryption to use in your application to encrypt and decrypt passwords, properties, and BLOBs.
- OAuth 1.0 clients
The OAuth standard framework enables secure, delegated access to services over HTTPS. OAuth issues tokens (sometimes called "valet keys") that give access to your data that is hosted by a specific service provider. Each token grants access to a specific site for specific resources, for a defined period of time. A later version of this protocol, OAuth 2.0, uses a different data instance type.
- Encrypting system data by using a custom key management service
You can encrypt system data by using an encryption key that is sourced from a custom key management service that is accessed from a data page. You source a key in this way when you use a key management service that is not one of the supported keystore platforms.
- Changing the default keystore caching settings
You can change the values of the KeyStoreCacheExpireTime and KeyStoreCacheSize settings to control how often the keystore cache is refreshed and to restrict cache size. Lower values use less memory but reduce processing performance.
- Importing an X.509 certificate
You can import X.509 certificates that are defined in keystore instances of type JKS or PKCS12. They become active without a server restart.
- Securing your application for mashup communication
If you use the mashup feature to embed Pega Platform content in an external application, define the external URLs that are allowed to access Pega Platform so that the host page can communicate with the mashup gadget page.
- Securing an Activity
You can better protect your application by configuring Activity-specific access control, which limits how an Activity can be executed and who may execute it.