Hi all,
In order to try to make LFDS compatible with Availability Groups, I'd like to test different connection strings. Is it possible to modify the connection string used by LFDS?
-Ben
Not at this time. Let me see what we can do for LFDS 10.
Bump!
Sorry for the late reply, not sure how this one got lost. The connection string is encrypted, so it can't be edited. You can detach the database and attach another one through the Web Console.
Hi Miruna,
In order to get LFDS working with availability groups, the DBA suggested appending the connection string with:
MultiSubnetFailover=True
and
Connect Timeout=180
Can this be done through the Web Console too?
Not at this time. Let me see what we can do for LFDS 10.
Thanks and no worries for the late reply. :-)
Hi Miruna,
For regulation purposes, a client needs to know the encryption method used to encrypt the connection string, specially the sql user password.
It's this info available for LF 10?
Thanks
Thanks,
My end user is a financial institution with big security concerns and Laserfiche must be approved by this team in order to be implemented.
Please extend your reply to the following questions that the Security Team sent me:
Does the encryption complies with:
- 3DES/Triple DES
- Key length: 112/168
- 3-Key 3DES is recommended. Use of 2-key 3DES may continue but migration to 3-key during the next upgrade or during periodic key rotations is required. 2-key DES EOL beginning March 2016.
- Where is the encryption key stored?
- Which encryption level is used?
- How many keys are used on the encryption algorithm?
- Does encryption include cryptanalytic items (i.e. code breaking)?
- Is there an Open Cryptographic Interface (can end user change the encryption algorithm or plug in another crypto service provider) without writing more code?
3DES is an algorithm, not a standard. . The DataProtectionConfigurationClass uses the DPAPI , so we do not control the algorithm. Microsoft documentation seems to indicate that DPAPI uses 3DES under the hood, but you would need to confirm it with them. The algorithm used is in LFDS is not customizable.