Recommendations for Using R Securely
The R Consortium, of which Spotfire is a proud member, has provided a summary of "Best Practices for Using R Securely."
We encourage anyone using open source R, whether with Spotfire products or not, to review those practices at the following site: https://www.r-consortium.org/blog/2015/08/17/best-practices-for-using-r-securely. This guidance essentially recommends that users who download R and R packages do so from a secure server using an encrypted HTTPS connection.
The following guidance provides information regarding how these recommendations do, or do not, apply to TERR.
Recommendation: If you download open-source R, always download it from a server using HTTPS
TERR is a commercial product, and you download it from our secure TIBCO Product Download site. This site use HTTPS.
Recommendation: If you download open-source R, check its MD5 checksums before you begin the installation
Customers downloading TERR from the TIBCO Product Download site should confirm the MD5 checksums following the same process as in detailed in the R Consortium blog post, cited in this topic.
Recommendation: If you have open-source R installed, configure it for secure file downloads
By default, TERR uses HTTPS for secure file download if a secure mirror is specified. There is no need to do any special configuration of TERR.
Recommendation: Always download CRAN packages from a secure mirror
We recommend TERR users follow this recommendation, and always download CRAN packages from a secure mirror. The Best Practices post includes a list of CRAN sites that use HTTPS.
By default, TERR installs packages from the Posit CRAN snapshot repository with CRAN package versions available when this version of TERR was made available. This Posit snapshot is a secure site.