Recommendations for Using R Securely
The R Consortium, of which TIBCO is a proud member, recently posted a summary of "Best Practices for Using R Securely."
We encourage anyone using open source R, whether with TIBCO products or not, to review those Best Practices, which essentially recommend that users who download R and R packages do so from a secure server using an encrypted HTTPS connection.
The following guidance provides information regarding how these recommendations do, or do not, apply to TIBCO Enterprise Runtime for R.
Recommendation #1: If you download open-source R, always do so from a CRAN server using HTTPS
TIBCO Enterprise Runtime for R is a commercial product, and you download it either from our secure TIBCO Product Download site (for customers who purchase TIBCO Enterprise Runtime for R) or from the TIBCO Access Point (TAP) site (for members of the TERR Community who are using the free TIBCO Enterprise Runtime for R Developer's Edition). Both of these sites use HTTPS.
Recommendation #2: If you download open-source R, check its MD5 checksums before you begin the installation
Customers downloading TIBCO Enterprise Runtime for R from the TIBCO Product Download site should confirm the MD5 checksums following the same process as in detailed in the Best Practices.
Recommendation #3: If you have open-source R installed, configure it for secure file downloads
By default, TIBCO Enterprise Runtime for R uses HTTPS for secure file download if a secure mirror is specified. There is no need to do any special configuration of TIBCO Enterprise Runtime for R.
Recommendation #4: Always download CRAN packages from a secure mirror
We recommend TIBCO Enterprise Runtime for R users follow this recommendation, and always download CRAN packages from a secure mirror. The Best Practices post includes a list of CRAN sites that use HTTPS.