Best Practices for using R Securely
The R Consortium, of which TIBCO is a proud member, recently posted a summary of "Best Practices for Using R Securely". We encourage anyone using open source R (whether with TIBCO products or not) to review those Best Practices, which essentially recommend a user download R and R packages from a secure server using an encrypted HTTPS connection.
Regarding how these recommendation do (or do not) apply to TERR:
Recommendation #1. Always download R from a CRAN server using HTTPS
- TERR is a commercial product, and downloaded either from our secure TIBCO Product Download site (for customers who purchase TERR) or from the TIBCO Access Point (TAP) site (for members of the TERR Community who are using the free TERR Developer's Edition). Both sites use HTTPS.
Recommendation #2. Check the MD5 checksums of R before you begin the installation.
- Customers downloading TERR from the TIBCO Product Download site should confirm the MD5 checksums following the same process as in detailed in the Best Practices.
Recommendation #3. Configure R for secure file downloads
- By default, TERR will use https for secure file download if a secure mirror is specified. There is no need to do any special configuration of TERR.
Recommendation #4. Always download CRAN packages from a secure mirror
- We recommend TERR users follow this recommendation, and always download CRAN packages from a secure mirror. The Best Practices post includes a list of CRAN sites that use HTTPS.