IBM Sterling Ideas

Submit new product ideas for IBM Sterling solutions. Before you submit, please review existing ideas; if an idea close to yours already exists, it's better to add comments or vote on the existing idea. We will review your ideas and use them to help prioritize our product development. Best of all, the portal will automatically update you when the status of your idea has been changed.

IBM is transforming its request for enhancement (RFE) process. The purpose of the transformation is to provide a more consistent experience for you to submit requests and to enable IBM product owners to respond to your requests more quickly. For more information click here.

Connect with IBM experts and your peers on the Supply Chain Collaboration Community and the Order Management Interest Group

Session ID should be complete alpha numeric random number

Requirement:

 - Generate session IDs using secure random number generators

Examples: CryptGenRandom, RNGCryptoServiceProvider

- Invalidate sessions after an inactivity timeout or on logout

- Set appropriate attributes in the HTTP Response headers to avoid storing restricted and confidential information in browser caches Best practices include setting the following:

Cache-Control: no-cache, no-store

Expires: 0

Pragma: no-cache

- Set the HTTPOnly attribute in the HTTP Response header to prevent client-side scripts from accessing cookies

References:

- TISD-1810-2.3 Cryptographic Algorithms

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jun 19 2019
  • Declined
How will this idea be used?

This is the enhancement request to support client security requirement.

What is your industry? Telecommunications
What is the idea priority? Medium
  • Attach files
  • Admin
    Ryan Wood commented
    28 Aug 01:56pm

    Thank you for participating in the request for enhancement community. Your input is valuable in shaping the roadmap for the product. While we agree that this idea would add value, it is not something we are able to assign priority to at this time. In general, when accepting an idea, we strive to deliver the enhancement within 18 months. We will continue to monitor this enhancement for interest, feel free to re-enter the idea in 12 months to see if priorities have shifted. If you have any additional questions or concerns please reach out.