You are viewing limited content. For full access, please sign in.

Question

Question

Feature Request: High Security Forms Configuration Support Attachments

Ideas Forms
Updated August 30, 2020
asked on September 11, 2018

We recently discovered that when using the High Security configuration for a Forms installation as outlined in the "Hosting Laserfiche Forms 10 In A Perimeter Network (DMZ).pdf" that you are not able to use the attachments field because it will not pass the attachment information to the internal SQL server.

Will this be fixed in Forms 10.4?

Also, can the PDF be updated to note that attachment fields will not work?

2 0

Answer

SELECTED ANSWER
replied on August 30, 2020

This has been addressed in Forms 10.4.4 as now you can enable "EnableAttachmentTransfer“ to use the Laserfiche Forms Routing Service on the internal Forms server as proxy to upload files from DMZ with high security setup. The white paper has been updated with the required settings. 

0 0

Replies

replied on September 11, 2018

The latest version has a note saying attachments don't work.

0 0
replied on September 11, 2018

Is a fix for this planned for 10.4?

1 0
replied on September 18, 2018

Hi Blake,

you can try using SQL transactional replication to synchronize the [cf_bp_attachment_data] table between the DMZ database and the internal database.

Configure the DMZ database as a publisher while the internal database as a subscriber, and publish the [cf_bp_attachment_data] table (for secure, you should ONLY publish this table). Then, just follow the "Hosting Laserfiche Forms 10 In A Perimeter Network (DMZ).pdf" to configure your Forms servers.

As I tested on Forms 10.3.0, it worked well!

 

Here is a guide for SQL transactional replication configuration, try it!  wink

https://docs.microsoft.com/en-us/sql/relational-databases/replication/tutorial-replicating-data-between-continuously-connected-servers?view=sql-server-2017

 

0 0
View 2 previous replies
replied on September 18, 2018

The only problem is that it requires communication from the DMZ SQL server to the internal SQL server, which defeats the purpose of the High Security option. It would need to communicate it from the DMZ Forms server to the internal Forms server.

0 0
replied on September 18, 2018

Manually copying the table would work as well.  But would setting up a pull request for this one table from the internal SQL server and open the port 1433 for inbound traffic for a specific machine and application not be secure enough?   Is there a requirement by some customers that only WCF traffic is allowed?  If this is more than just a documentation change and is required we can look into adding WCF file transfer.  

0 0
replied on September 18, 2018

This specific client does not want any communication from the DMZ to the internal SQL server. They were excited when they found out we could have a SQL server in the DMZ until we found out that attachments don't work.

1 0
replied on September 21, 2018

Thanks, for the feedback.  I'm sorry we cannot get to it for 10.4 due to a feature freeze but we will update the documentation with the above workaround and I added your request to our 10.4.1 backlog items.  I can't make any promise it will be in a future version until it's implemented and tested.

1 0
replied on February 18, 2019

Hope to see it in 10.4.1.

1 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...