Cybersecurity

Navigation:  Security >

Cybersecurity

 Previous pageReturn to chapter overviewNext page

Connected Mode

When the computer is connected to the domain controller, the active directory allows access to the estimates.

QDV7 stores on the computer, in an encrypted way, the names of the NT Groups a user belongs to. Each time the user opens an estimate while connected to the active directory, this information is refreshed.

 

Standalone Mode

After disconnection, QDV7 still “knows” which NT Group the user belongs to. This enables the user to open estimates in standalone mode without entering any password.

If the security of files in standalone mode is a concern, you can store estimates in a strongly encrypted way: ask that all files be stored in an encrypted way when they are compressed by installing a security certificate on all user computers. An estimate encrypted with a certificate cannot be decrypted with another certificate. Select File>Tools>Files Estimate>Encrypt with Password; the item is checked to remind the encryption.

 

warning Certificates enable you to encrypt files (QDV7 files – estimates), but these files remain expanded in the memory and in the cache directory. So it makes sense only when you intend to send the estimate by any means inside your organization (no one is able to read this estimate without the certificate). This does NOT offer protection from data theft because possible “hackers” may find decrypted data in the cache directory.

The sole solution to protecting your data from theft is to use disk encryption instead of file encryption.

 

Connection to Databases

You can connect to databases through web services. Refer to How to Access a QDV Database with SQL Server.

If you need both security and speed, you may consider encrypting the connection to SQL Server with certification by a trusted third party.

 

Authentication & Profile by SSO (Administrator only)

OpenID Connect (OIDC) is an authentication layer on top of the OAuth 2.0 stack, an authorization framework. It allows you to log in with SSO to authorize access to estimate’s user profiles.

For demo, find IdentityServer4 in http://demo.identityserver.io.

 

CONFIGURATION

1.Copy the json files from <QDV_INSTALL_PATH>\SSO\ to <QDV_INSTALL_PATH>

2.Open QdvOidcSettings.json in QDV7 installation folder and change "IsOidcEnabled" from false to true, and save file

3.Open QdvOidcUserGroups.json in QDV7 installation folder; by default two groups are defined: Alice is in the first one, Bob in the second one.

 

TEST

Start QDV7: this opens an authentication window; log in with the bob/bob or alice/alice credentials

Open the Sample_With_Time_Frame.qdv estimate. For Bob, it opens with USER user profile. Alice must select between Admin and USER (no password).