UiPath Installation and Upgrade

Deployment and Configuration Considerations

User and Robot Permissions


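When configuring user and robot permissions in Orchestrator, there are two potential threats to guard against: a malicious user or a malicious developer.

Authentication between Orchestrator and the robots is based on a shared key that only administrators can access on the robot machine. If a user of the machine has administrator rights and can access that key, they can impersonate other robots when calling Orchestrator.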

To mitigate the risks and potential impact from a malicious user, follow these guidelines:

  • On machines configured for attended automation, make sure the users on that machine do not have administrative rights.
  • Limit robot permissions to the minimum required to execute the particular automation(s). See here to learn about setting permissions.
  • In modern folders, disable robot creation for those users with administrator or other high-privilege roles in Orchestrator.

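A malicious developer could deploy a process that, when executed by a user with elevated permissions in Orchestrator, grants that developer unnecessary access or steals data.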

To mitigate the risks and potential impact from a malicious developer, follow these guidelines:

  • Maintain control and validation over any packages being deployed in Orchestrator.
  • Review automations before deploying them to production (for example, code review, virus scanning, etc.).
  • Limit robot permissions to the minimum required to execute the particular automation(s). See here to learn about setting permissions.
  • In modern folders, disable robot creation for those users with administrator or other high-privilege roles in Orchestrator.

Password Policy


The default password policy states that all user passwords should contain at least 8 characters and at least one letter and a digit. This can be changed and made more complex in the Settings page, on the Security tab. For more information, see the Settings Description topic.

Encrypting the UiPath.Orchestrator.dll.config File


Encrypt the SecureAppSettings section of the UiPath.Orchestrator.dll.config file. To see how this can be done, please see Encrypting UiPath.Orchestrator.dll.config Sections.

Disabling the Auto-complete Feature in Your Browser


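The auto-complete feature offered by most web browsers is not entirely secure. To make sure that no one can find your Orchestrator login password, we recommend that you disable this feature in your preferred browser.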

If you are using Internet Explorer 11:

  1. In Internet Explorer, click Tools > Internet Options. The Internet Options window is displayed.
  2. In the Content tab, select Settings. The AutoComplete Settings window is displayed.
  3. Clear the User names and passwords on forms check box.
  4. Click OK. Your settings are saved.

Changing the Default System Admin Password


Change the default system administrator password (that was communicated to you by our team). You can do this by editing the user profile information. For more information, see Managing tenants.

Do Not Select the Remember Me Check Box


When you first log in to Orchestrator, do not select the Remember Me check box. This helps you log out of the current session every time.

Limiting the Cookie Session Timeout Period


By default, the authorization cookie expires after 60 minutes. You can limit this time by changing the value of the Auth.Cookie.Expire parameter in the UiPath.Orchestrator.dll.config file.

Using Trusted SSL Certificates


Although enforcing HTTPS connections is important, having an SSL certificate from a trusted provider is equally important.

Additionally, you can remove the HTTP binding:

  1. Open IIS.
  2. In the Connections panel, navigate to the Sites folder.
  3. Click the Orchestrator site. The Actions panel is updated accordingly.
  4. Click Bindings. The Site Bindings window is displayed.
  5. Click the HTTP binding and then Remove. The HTTP binding has been deleted.

Adding Cache-Control


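We recommend adding secure cache directives to hide sensitive information that may be displayed in HTTP headers. Ideally, all responses should return the following HTTP headers: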

Cache-control: no-store, no-cache, must-revalidate,private,s-maxage=0
Pragma: no-cache

To add these headers, just add them to the web.config file, in the customHeaders section, in the following format:

<add name="Cache-control" value="s-maxage=0"/>
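One way to check that a web.config actually declares every directive recommended above, shown as an added Python example that is not part of the UiPath documentation. The function names and both sample configurations are constructed for illustration, and the example assumes customHeaders sits under system.webServer/httpProtocol, as in a standard IIS web.config.

```python
import xml.etree.ElementTree as ET

# Headers and directives the page recommends for every response.
REQUIRED = {
    "cache-control": {"no-store", "no-cache", "must-revalidate", "private", "s-maxage=0"},
    "pragma": {"no-cache"},
}

# Constructed web.config skeleton (assumed standard IIS layout).
TEMPLATE = """<configuration><system.webServer><httpProtocol><customHeaders>
{adds}
</customHeaders></httpProtocol></system.webServer></configuration>"""

# Constructed sample: only the single directive from the format example.
SAMPLE_PARTIAL = TEMPLATE.format(adds='<add name="Cache-control" value="s-maxage=0"/>')

# Constructed sample: the full recommended header set.
SAMPLE_FULL = TEMPLATE.format(adds=(
    '<add name="Cache-control" '
    'value="no-store, no-cache, must-revalidate,private,s-maxage=0"/>\n'
    '<add name="Pragma" value="no-cache"/>'
))


def custom_headers(web_config_xml):
    """Return {lowercased header name: set of lowercased directives}."""
    headers = {}
    for section in ET.fromstring(web_config_xml).iter("customHeaders"):
        for add in section.iterfind("add"):
            name = add.get("name", "").strip().lower()  # header names are case-insensitive
            value = add.get("value", "")
            directives = {d.strip().lower() for d in value.split(",") if d.strip()}
            headers.setdefault(name, set()).update(directives)
    return headers


def missing_cache_directives(web_config_xml):
    """Return {header: sorted missing directives}; an empty dict means compliant."""
    found = custom_headers(web_config_xml)
    gaps = {}
    for header, required in REQUIRED.items():
        missing = sorted(required - found.get(header, set()))
        if missing:
            gaps[header] = missing
    return gaps


if __name__ == "__main__":
    print("partial:", missing_cache_directives(SAMPLE_PARTIAL))
    print("full:   ", missing_cache_directives(SAMPLE_FULL))
```

To audit a deployed site, pass the contents of its web.config to `missing_cache_directives`; headers set elsewhere (for example by a reverse proxy) are not visible to this check.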

Updated 8 months ago
