
Security and URL attachment

JHall
16-Pearl


Recently I've noticed one of our regions is adding (on the Content Tab) URLs to outside websites. Since we are a cloud-based system, I am extremely concerned about that site being an opening into our system, which makes me wonder about a couple of questions.

1. Has anyone experienced anything like a security breach via an external URL link? 

2. What is the easiest way to restrict people from adding URLs to WTParts or WTDocuments?  

James  

Windchill 11.0 M030 CPS08

URL.png

 

STEVEG
21-Topaz I
(To:JHall)

I am not sure if this will allow you to do it but did you try creating a rights policy for URLDefinition?  It's a sub-type of WTObject.

JHall
16-Pearl
(To:STEVEG)

@STEVEG   I discovered that I can shut down all URLs in Windchill that point to external sites.  On Page 315 of Windchill Customization Guide (11.0 M030 June 2017 Document Version 11.03.01) I discovered the following. 

It looks like it will do what I'm thinking; however, I'm not quite sure just yet that I want to turn them off completely. According to the PTC tech I talked to, any previous URLs would simply not work if I did this. I'm just not sure what sort of security hazard external links might be.
James

Remove_URL.png

STEVEG
21-Topaz I
(To:JHall)

Nice find.

JHall
16-Pearl
(To:STEVEG)

Thanks @STEVEG  I'm still very curious about the risk with external links like this. Am I overblowing the situation?

 

James

STEVEG
21-Topaz I
(To:JHall)

I am not sure if there is anyone that can definitively say one way or the other.

JHall
16-Pearl
(To:STEVEG)

Our Cyber Security person asked these questions.  I think I'll create a PTC ticket and ask them.

 

Since you are adding several URLs to various external sites, it is important to check:

 

  1. External website is linked to the Windchill webpage in such a way that it does not share any authentication credentials.
  2. HTTP session details should not be shared with the external sites.
  3. Confirm with Windchill that their HTML source code is secured from HTML injection attack.
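
One way to act on the three checks listed above, as an added example that is not part of the original thread and is not PTC or Windchill code: a small Python audit that flags URL attachments pointing off-site, carrying credentials or session identifiers, or containing markup characters. It assumes the URLs have already been exported to a plain list by some means not shown here; the trusted host name, the session parameter names and the sample URLs are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts your organisation treats as its own (constructed value).
TRUSTED_HOSTS = {"windchill.example.com"}
# Assumption: parameter names that commonly carry session state.
SESSION_KEYS = {"jsessionid", "sessionid", "sid", "token", "access_token"}

def audit_url(url):
    """Return a sorted list of findings for one URL attachment."""
    findings = set()
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        # javascript:, data:, file: or a missing scheme is not a plain web link
        return ["unexpected-scheme"]
    if scheme == "http":
        findings.add("cleartext-http")
    if parts.username or parts.password:
        findings.add("embedded-credentials")      # check 1: credentials in the link
    if (parts.hostname or "").lower() not in TRUSTED_HOSTS:
        findings.add("external-host")
    # check 2: session ids show up as query params or ";jsessionid=" path params
    keys = {k.lower() for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    for seg in parts.path.split(";")[1:]:
        keys.add(seg.split("=", 1)[0].lower())
    if keys & SESSION_KEYS:
        findings.add("session-token-in-url")
    # check 3: markup characters in a stored URL deserve a look at how it is rendered
    if any(c in url for c in "<>\"'"):
        findings.add("markup-characters")
    return sorted(findings)

def audit_all(urls):
    """Map each URL that has findings to its findings; clean URLs are omitted."""
    report = {}
    for u in urls:
        found = audit_url(u)
        if found:
            report[u] = found
    return report

# Constructed sample input, not taken from any real system.
SAMPLE_URLS = [
    "https://windchill.example.com/Windchill/app/",
    "http://vendor.example.net/spec.pdf",
    "https://user:pw@vendor.example.net/drawings",
    "https://vendor.example.net/view;jsessionid=ABC123?id=7",
]

if __name__ == "__main__":
    for url, found in audit_all(SAMPLE_URLS).items():
        print(url, "->", ", ".join(found))
```

An "external-host" finding on its own is an inventory item rather than a defect; the other findings are the ones that map to the credential, session and injection checks.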