IBM Support

How secure is MxLoader?

Technical Blog Post


Abstract

How secure is MxLoader?

Body

You probably know my beloved MxLoader tool, which imports and exports data into Maximo straight from Excel. For those of you who don't know it yet, I suggest taking a look at this short video.

Some customers are a little worried about the security of this tool, so I need to clarify how MxLoader works and how to ensure that data in Maximo is protected from unauthorized access.

In simple terms, MxLoader uses Microsoft VBA code to exchange data with the Maximo Integration Framework Object Structure service.


Without going into much detail, the Object Structure service gives synchronous access to Maximo data over HTTP simply by defining Object Structures. This means that MxLoader inherits the authentication and authorization of the Maximo OS HTTP service.

Unfortunately, the HTTP servlet is not secured by default. This means that anyone can connect to the OS service and exchange data without authenticating, circumventing any control. This was changed in the Maximo 7.6.0.2 fix pack as part of a security bulletin.

To prevent unauthenticated access to your data through the HTTP interface, you first need to secure the enterprise bean access and then secure the HTTP servlet.

However, this may not be enough, because the Object Structure service checks authorization only if the Authorized Application is set on the corresponding Object Structure in Maximo. So the last step for a safe Maximo configuration is to set the Authorized Application on each Object Structure that is used by MxLoader or by any external application through the HTTP OS service.
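
One way to audit that last step, as an added example that is not part of the original post or of MxLoader: it reads a CSV export of the object structure definitions and reports which of the structures used by MxLoader still have no Authorized Application. The column names `INTOBJECTNAME` and `AUTHAPP`, the sample rows and the function name are assumptions made for illustration.

```python
import csv
import io

# Constructed sample export (not real data). The column names are assumed to
# match an export of the object structure name and its Authorized Application.
SAMPLE_EXPORT = """INTOBJECTNAME,AUTHAPP
MXASSET,ASSET
MXWO,
MXPO,"  "
MXSR,NULL
mxperson,PERSON
"""


def audit_authorized_app(export_csv, in_use):
    """Classify the object structures named in `in_use` against the export.

    Returns a dict with three sorted lists:
      protected   - Authorized Application is set, so authorization is checked
      unprotected - Authorized Application is empty, so no authorization check
      unknown     - named in `in_use` but absent from the export
    """
    authapp = {}
    for row in csv.DictReader(io.StringIO(export_csv)):
        name = (row.get("INTOBJECTNAME") or "").strip().upper()
        value = (row.get("AUTHAPP") or "").strip()
        # Some export tools write a literal NULL for empty columns.
        if value.upper() == "NULL":
            value = ""
        if name:
            authapp[name] = value

    report = {"protected": [], "unprotected": [], "unknown": []}
    for name in sorted({n.strip().upper() for n in in_use if n.strip()}):
        if name not in authapp:
            report["unknown"].append(name)
        elif authapp[name]:
            report["protected"].append(name)
        else:
            report["unprotected"].append(name)
    return report


if __name__ == "__main__":
    used_by_mxloader = ["MXASSET", "MXWO", "MXPO", "MXSR", "MXPERSON", "MXITEM"]
    for status, names in audit_authorized_app(SAMPLE_EXPORT, used_by_mxloader).items():
        print(f"{status}: {', '.join(names) or '-'}")
```

Anything listed as unprotected is reachable by every authenticated user of the HTTP OS service, and anything listed as unknown should be checked for a misspelled name.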

Here is an example for the MXASSET object structure.

 


 

Finally, a small sneak peek: Development is implementing some improvements to Object Structure authorization. Stay tuned!

 

For more information refer to the following articles and documentation:

 


UID

ibm11131117