Assume a scenario where QF has scanned information to a workstation and transfers it to the server after processing the pages. In the process of transferring the information from the desktop to the server, we know we can encrypt the information via SSL. In SSL all of the data is encrypted in key locked packets. The data will likely go through some cache files and perhaps page files before it is decrypted at the server and stored on the encrypted LF volume. Is there any possibility of any residual unencrypted data left in a cache or page file or anywhere else after the transfer is complete? The client is moving credit card info either through WebAccess or client to server and it is critical for their security audit that we can assure them there is no residual and how do we know that? Thanks.
Question
Question
Is there any possibility of residual information left after a SSL transfer is complete?
asked on October 22, 2014
0
0
Replies
replied on October 28, 2014
Laserfiche wasn't designed to be a part of a PCI compliant solution. The official answer is that we can't guarantee PCI compliance. After speaking with our development team, it sounds like you'd need to encrypt everything down to the OS level, which might do the trick, but would certainly impact performance. Are you looking to meet a particular standard?
1
0
You are not allowed to follow up in this post.