BIOVIA Pipeline Pilot: Security-related changes in Pipeline Pilot 2022
Program: Pipeline Pilot 2022
Operating System: All supported operating systems
Background
The following new security-related changes have been implemented in Pipeline Pilot 2022:
- As of the 2022 release, the Pipeline Pilot Administration Portal includes a Security Configuration page with settings that affect the level of security for your server. See the Pipeline Pilot Administration Guide for details about this page, and the appendix on Security Recommendations to learn more about how to protect your server.
- There is no longer a default password for the Pipeline Pilot scitegicadmin administrator account. You will be prompted to provide a password at the end of the installation.
- The "Any User Name" authentication scheme is no longer supported in Pipeline Pilot 2022. You must configure authentication using the Security > Authentication page in the Pipeline Pilot Administration Portal.
- Job directory access is now restricted to the owner by default. This is configurable by the Administrator on the Security Configuration page or by the job owner for individual jobs in the Professional Client.
- The Pipeline Pilot administrator can now control the properties of files that can be uploaded to the server, including the maximum file size (100 MB by default), the maximum file name length (80 characters by default), and overrides to the list of blocked file extensions.
- Custom applications accessing certain Pipeline Pilot server endpoints may now require authentication, particularly if requesting server version or OS information.
- The internal symmetric encryption for passwords within Pipeline Pilot has been changed to use AES-256 GCM. Because of this change, any password parameter value stored in a protocol in Pipeline Pilot 2022 will not be readable in earlier versions of Pipeline Pilot. Therefore, you cannot migrate such a protocol to an earlier server version, whether by export or email.
- Extraneous ciphers that were in place to support .NET clients from Windows 2008 SP1 have been removed from the Intermediate TLS/SSL security level for the Pipeline Pilot Apache service. Because Windows 2008 SP1 is no longer supported by Microsoft, these ciphers are no longer required. If you have older client operating systems that fail to connect to the https: endpoint of the Pipeline Pilot server, you may need to set the TLS/SSL security level to "Older" so that those clients can connect.
- The application Database Schema Update page has been removed, since it is no longer in use.
- Older versions of the WAF library are no longer shipped with Pipeline Pilot 2022.
- Validation of Sign-in redirect URLs can now be configured and is enabled by default.
- Remote protocol execution by referencing an arbitrary file location for a protocol is now disabled by default.
Further Information
Further information on these and other changes in Pipeline Pilot 2022 can be found in the Product Release Document, Server Installation Guide and Server Administration Guide.