Thanks to Louis Bajuk-Yorgan for this:
The R Consortium, of which Spotfire® is a proud member, recently posted a summary of "Best Practices for Using R Securely".
We encourage anyone using open source R (whether with Spotfire® products or not) to review those Best Practices, which essentially recommend a user download R and R packages from a secure server using an encrypted HTTPS connection.
Recommendations
Always download R from a CRAN server using HTTPS
Spotfire® Enterprise Runtime for R is a commercial product, and downloaded either from our secure Spotfire® Product Download site (for customers who purchase Spotfire® Enterprise Runtime for R) or from the TIBCO Access Point (TAP) site (for members of the Community who are using the free Spotfire® Enterprise Runtime for R Developer's Edition).
Both sites use HTTPS.
Check the MD5 checksums of R before you begin the installation.
Customers downloading Spotfire® Enterprise Runtime for R from the Spotfire® Product Download site should confirm the MD5 checksums following the same process as in detailed in the Best Practices.
Configure R for secure file downloads
By default, Spotfire® Enterprise Runtime for R will use https for secure file download if a secure mirror is specified. There is no need to do any special configuration of Spotfire® Enterprise Runtime for R.
Always download CRAN packages from a secure mirror
We recommend Spotfire® Enterprise Runtime for R users follow this recommendation, and always download CRAN packages from a secure mirror. The Best Practices post includes a list of CRAN sites that use HTTPS.
Recommended Comments
There are no comments to display.