ExtraView is a secure application and has been developed to adhere to the strictest standards. Additional security is important and should be implemented by ensuring the environment within which ExtraView resides is secure, using firewalls and encryption of the network traffic with SSL, etc.
It is possible to protect sensitive data within the database using a further level of encryption. This protects against your database from unauthorized access, and unauthorized users using SQL commands to extract data. This encryption is provided for fields with a display type of text, and is applied on a field-by-field basis. This can be used, for example, to provide added protection for fields such as social security numbers and bank account numbers.
Authorized users will still see data that is encrypted within the database in the normal way. It is assumed that users will be educated on the sensitivity and privacy of data, and that the screens and reports they view may contain proprietary data that should not be stored with unauthorized personnel.
This feature is only available in the ExtraView Enterprise version. To provide the security, secret keys (or passwords) are stored in what is termed a keystore within ExtraView. You may use a single key for all the fields you protect, or use different keys for different fields.
These keys must be stored safely by the administrator, and there is no way to ever retrieve a lost key. This is critical to understand and neither the ExtraView application nor ExtraView Corporation personnel can ever retrieve a lost key. It cannot be stressed too much how important it is to have a process to record the keys used, and to keep them safe.
Further, here are items that should be considered before implementing encrypted fields:
The above limitations may be relaxed within future versions of the product.
There are 3 possibilities of how the secret keys may be used to unlock the data, dependent upon your requirements:
Configuration.properties
file which is read by ExtraView upon startup of the application. This is more convenient than entering the passwords manually, but not quite as secure. Of course, the filesystem with the Configuration.properties
(and other) files should be protectedConfiguration.properties
file using the technique described in the ENCRYPT_PROPERTIES section of the Installation & Configuration Guide.Unused keys may be deleted from the database, and the keys within the keystore may be updated by the administrator after providing the current key.