Recommendations for using R securely
The R Consortium, of which TIBCO is a proud member, has provided a summary of "Best Practices for Using R Securely."
We encourage anyone using open source R, whether with TIBCO products or not, to review those practices at the following site: https://www.r-consortium.org/blog/2015/08/17/best-practices-for-using-r-securely. This guidance essentially recommends that users who download R and R packages do so from a secure server using an encrypted HTTPS connection.
The following guidance provides information regarding how these recommendations do, or do not, apply to TERR.
Recommendation: If you download open-source R, always download it from a CRAN server using HTTPS
TERR is a commercial product, and you download it either from our secure TIBCO Product Download site (for customers who purchase TERR) or from the TIBCO Access Point (TAP) site (for members of the TERR Community who are using the free TERR Developer's Edition). Both of these sites use HTTPS.
Recommendation: If you download open-source R, check its MD5 checksums before you begin the installation
Customers downloading TERR from the TIBCO Product Download site should confirm the MD5 checksums following the same process as in detailed in the R Consortium blog post, cited in this topic.
Recommendation: If you have open-source R installed, configure it for secure file downloads
By default, TERR uses HTTPS for secure file download if a secure mirror is specified. There is no need to do any special configuration of TERR.
Recommendation: Always download CRAN packages from a secure mirror
We recommend TERR users follow this recommendation, and always download CRAN packages from a secure mirror. The Best Practices post includes a list of CRAN sites that use HTTPS.