Discussion

LaserApp Anywhere Integration Security Concerns

posted on August 31, 2015

Hi,

I have a client that is looking to use the LaserApp Anywhere integration.  They've run into some security concerns when configuring the integration and I'm looking for some input/recommendations.  They're concerned that they'll be opening their entire repository to the internet by providing a URL that LaserApp can post data to.  Is there an optimal configuration for this integration that may be more secure?  Or is their best option to use LaserApp Enterprise?

 

Thanks

0 0
replied on August 31, 2015

The Laser App Import Service is a separate installation from Web Access or the Laserfiche server, so it can be installed on a machine in your network's DMZ. Cases like these (a service needs to be visible to the internet) are essentially what DMZs are for.

Also, to be clear, it's not "opening their entire repository to the internet". The Import Service only allows posting to Laserfiche, not pulling data from Laserfiche, and the data must be in the specific Laser App post format to be imported into Laserfiche.

That said, using Laser App Enterprise does allow you to use the integration without opening up your network at all, so they may prefer that option if they are not comfortable with the DMZ solution.

1 0
replied on August 31, 2015

It's correct that the web service that LaserApp invokes needs to be visible outside your network, but it doesn't follow that you are opening your repository to the internet. The web service you are exposing has no read functionality at all; it only allows LaserApp to send documents in. In addition, normal Laserfiche security and best practices apply, so you should grant the application's account permission to import into only those locations that make sense for your integration and not give it access to any contents that it doesn't need. It may also be possible to leverage IIS security features like IP address filtering, though you will need to contact LaserApp to find out what addresses they use and if they ever change.

1 0
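
The IP address filtering suggested in the last reply could look like the following in IIS. This is an added example, not part of the thread and not Laserfiche or LaserApp configuration: the site name `LaserAppImportService` and both addresses are placeholders, and it assumes the Import Service is hosted as its own IIS site with the "IP and Domain Restrictions" role service installed.

```xml
<!-- Added example. The site name and every address below are constructed
     placeholders; obtain the real source addresses from LaserApp. -->
<!-- Placed in applicationHost.config, because the ipSecurity section is
     locked at server level by default and is ignored or rejected in a
     site's web.config until it is unlocked. -->
<location path="LaserAppImportService">
  <system.webServer>
    <security>
      <!-- The default is allowUnlisted="true" (every client may connect).
           With allowUnlisted="false", only the entries below are accepted. -->
      <ipSecurity allowUnlisted="false">
        <!-- Single host (placeholder from a documentation address range) -->
        <add ipAddress="198.51.100.10" allowed="true" />
        <!-- Whole subnet (placeholder from a documentation address range) -->
        <add ipAddress="203.0.113.0" subnetMask="255.255.255.0" allowed="true" />
      </ipSecurity>
    </security>
  </system.webServer>
</location>
```

Requests from unlisted addresses are refused with HTTP 403 (substatus 6 in the IIS log), which is also the symptom to look for if LaserApp's source addresses change and posts start failing.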