Hello, I’m reviewing our Cognos architecture and I’m looking at some of the main security settings for our Production environment. I’ll admit that I had to read up on the CAF (Cognos Application Firewall). Here is a quick intro to the CAF:
“Cognos Application Firewall (CAF) is a tool designed to supplement the existing Cognos 8 security infrastructure. By default, this supplemental security is enabled. Cognos Application Firewall acts as a smart proxy for the Cognos 8 product gateways and dispatchers. HTTP and XML requests are analyzed, modified, and validated before the gateways or dispatchers process them, and before they are sent to the requesting client or service.
CAF works to protect the Cognos 8 products from processing malicious data. The most common forms of malicious data are buffer overflows and cross-site scripting attacks (XSS links), either through script injection in valid pages or redirection to other web sites. To ensure that the Cognos 8 solution is as secure as possible, CAF should NEVER be disabled in a production environment.”