You are viewing limited content. For full access, please sign in.

Question

Question

How does Laserfiche Workflow handle sensitive API response data?

Workflow Laserfiche API
Updated one day ago
asked one day ago

A customer of ours is currently working on a designing a workflow process that includes adding a HTTP Web Request activity that will retrieve sensitive employee data through an API call. The Client has the following question:

 

Sensitive API Response Data:

Since the API response will contain sensitive employee information, how does Laserfiche handle that data from a security standpoint?

Is the response encrypted in memory? If the data is saved or cached, how and where is it stored?

 

0 0

Answer

APPROVED ANSWER
replied one day ago

Workflow has no knowledge of the sensitivity of the API response contents. All temporary data is stored locally in the Workflow volume (on disk) for the duration of the instance. Any token values that you track (or that Workflow automatically tracks on instance termination) would be stored in clear text in the database. 

Workflow volume should be secured just like repository volumes so direct access to its contents is restricted. Direct access to the database should be similarly restricted. You can use Workflow security to restrict access to individual workflows and their instances. 

3 0
replied one day ago

While Workflow does not encrypt individual values in its database, Microsoft provides lower-level options for encrypting SQL Server data at rest. You can read their documentation on that here: 

0 0

Replies

You are not allowed to reply in this post.
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...