Security Precautions

The Engagement feature allows you to configure live tiles and content that appear on a Point-Of-Sale (POS) device. Ensure that any external data sources or uniform resource locators (URLs) provided through Engagement are secure and derive from a trusted source.

The URL widget, which shows web content from the configured location, has some security precautions built into it. By default the URL widget locks the workstation operator into the domain of the link provided. That is, all links on a page that are outside of the domain are disabled to prevent workstation operators from navigating to these links. For example, if you configure a URL widget for http://www.oracle.com, all links outside of *.oracle.com are automatically disabled for the workstation operator.

Consider the following best practices when configuring the URL widget and POS device on which it runs.

Internet Security Settings

The browser security settings within the Engagement feature are defined by the settings of Microsoft Internet Explorer. When you change Internet Explorer options, (for example, Do not allow cookies) you also change the settings for the Engagement browser.

Do not move security levels below Medium-high with Enable Protected Mode on for Internet and Medium-low with Enable Protected Mode off for Local intranet. These are the minimum Engagement security settings. You may increase the security levels if desired.

Trusted Source

Only enter URLs for the widget from a secure and trusted source. Creating links to unverified sources and untrusted websites increases the security risk for your POS device.