https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620302#M59799 <P>Nice find.</P> Mon, 29 Jul 2019 11:57:04 GMT STEVEG 2019-07-29T11:57:04Z https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620069#M59795 <P>Recently I've noticed one of our regions is adding (on the Content Tab) URLs to outside websites.&nbsp; Since we are a cloud based system, I am extremely concerned about that site being an opening into our system.&nbsp; Which makes me wonder about a couple questions.<BR /><BR />1. Has anyone experienced anything like a security breach via an external URL link?&nbsp;</P> <P>2. What is the easiest way to restrict people from adding URLs to WTParts or WTDocuments?&nbsp;&nbsp;</P> <P>James&nbsp;&nbsp;</P> <P>Windchill 11.0 M030 CPS08<BR /><BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="URL.png" style="width: 837px;"><img src="https://www.ptcusercommunity.com/t5/image/serverpage/image-id/18201i311D823DBDAE20AE/image-size/large?v=v2&amp;px=999" role="button" title="URL.png" alt="URL.png" /></span></P> <P>&nbsp;</P> Fri, 26 Jul 2019 14:14:29 GMT https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620069#M59795 JHall 2019-07-26T14:14:29Z https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620103#M59797 <P>I am not sure if this will allow you to do it but did you try creating a rights policy for URLDefinition?&nbsp; It's a sub-type of WTObject.</P> Fri, 26 Jul 2019 18:48:58 GMT https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620103#M59797 STEVEG 2019-07-26T18:48:58Z https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620141#M59798 <P><a href="https://www.ptcusercommunity.com/t5/user/viewprofilepage/user-id/4118">@STEVEG</a>&nbsp; &nbsp;I discovered that I can shut down all URLs in Windchill that point to external sites.&nbsp; On Page 315 of&nbsp;Windchill Customization Guide (11.0 M030 June 2017 Document Version 11.03.01) I discovered the following.&nbsp; <BR /><BR />It looks like it will do what I'm thinking, however I'm not quite sure just yet I want to turn them off completely.&nbsp; &nbsp;According to the PTC tech I talked to, any previous URLs would simply not work if I did this. I'm just not sure what sort of security hazard external links might be.<BR />James</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Remove_URL.png" style="width: 824px;"><img src="https://www.ptcusercommunity.com/t5/image/serverpage/image-id/18217i13055FF73AD9A9B2/image-size/large?v=v2&amp;px=999" role="button" title="Remove_URL.png" alt="Remove_URL.png" /></span></P> Fri, 26 Jul 2019 21:26:54 GMT https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620141#M59798 JHall 2019-07-26T21:26:54Z https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620302#M59799 <P>Nice find.</P> Mon, 29 Jul 2019 11:57:04 GMT https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620302#M59799 STEVEG 2019-07-29T11:57:04Z https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620409#M59812 <P>Thanks&nbsp;<a href="https://www.ptcusercommunity.com/t5/user/viewprofilepage/user-id/4118">@STEVEG</a>&nbsp; &nbsp; I'm still very curious about the risk with external links like this.&nbsp; Am I over blowing the situation?</P> <P>&nbsp;</P> <P>James</P> Mon, 29 Jul 2019 20:00:36 GMT https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620409#M59812 JHall 2019-07-29T20:00:36Z https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620709#M59826 <P>I am not sure if there is anyone that can definitively one way or the other.</P> Wed, 31 Jul 2019 11:15:16 GMT https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/620709#M59826 STEVEG 2019-07-31T11:15:16Z https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/621013#M59839 <P>Our Cyber Security person asked these questions.&nbsp; I think I'll create a PTC ticket and ask them.</P> <P>&nbsp;</P> <P><EM>Since you are adding several URLs to various external sites it is important to check :</EM></P> <P>&nbsp;</P> <OL> <LI><EM>External website is linked to the Windchill webpage in such a way that it does not share any authentication credentials.</EM></LI> <LI><EM>HTTP session details should not be shared with the external sites.</EM></LI> <LI><EM>Confirm with Windchill that their HTML source code is secured from HTML injection attack.</EM></LI> </OL> Thu, 01 Aug 2019 15:16:32 GMT https://www.ptcusercommunity.com/t5/Windchill/Security-and-URL-attachement/m-p/621013#M59839 JHall 2019-08-01T15:16:32Z