CWF : Security Features

Created by Anil Bhimineni on Oct 13, 2017
  • DBSync iPaaS is one hundred percent JAVA application.
  • The On-Premise version of iPaaS can be downloaded and installed from mydbsync.com . The installation is available for Windows (.exe) or Linux (.zip) file.
  • The On-Premise version of iPaaS is built to run it's user interface on top of Tomcat web server
  • All configuration for On-premise version of iPaaS projects are stored in local file system <<install-dir>>/CloudWF\WEB-INF\conf
  • All passwords stored are encrypted with industry standard encryption algorithms. 
  • All Web communications with applications being connected comply with HTTP/S 256 bit encryption standards.
  • DBSync License check occurs at every run using HTTP/S 256 bit calls to DBSync License servers. This call can be avoided by installing a local license file (Ask for installing a local license file with your implementation engineer)

FAQ

Q : Where is iPaaS Cloud version running? 

A:  DBSync iPaaS run on Amazon AWS which provides state of art data center and fully security compliant. For more information logon to the Amazon.com 

Q: Do DBSync iPaaS either On-Demand version or On- Premise store data on their server for the applications that are being connected ?

A:  No, We do not store any of the application data that are being connected using our platform, We only store the configuration with industry standard encryption algorithm to facilitate the data flow between source and target application.

Q : What logging is in place for the iPaaS?

A: DBSync generates configuration specific logs (Projects) under a "log" directory and Tomcat log files. The "log" file is located under the installed directory but can be switched to another location through setup. The information logged is related to the progress and errors. No confidential or data is written to the logs.

Q: What kind of transport level security is covered ?

A: This is done via SSL, For more information logon to transport layer security .

Q: DBSync Apps that are listed on Stack Exchange, Appsource to which extent are they secured?

A : All of our Apps that are listed on Salesforce Stack Exchange or on Microsoft AppSource have passed all the security reviews which are enforced by Salesforce Stack Exchange and Microsoft AppSource and after which they are published to their platforms respectively.

Q: How is DBSync secured to prevent tampering or other unauthorized modification of its configuration?

A: DBSync is built on Tomcat and Spring framework. While out of the box, it does not come with user management, one can easily implement Tomcat Realm Security or Spring Security to implement their security. It is also recommended that this server be accessible only through approved IP ranges to further protect access to the server. If you are running the application in batch mode, you do not Tomcat Server to be running once its setup. This will further secure any web access to your install.

Q: How does DBSync authenticate to applications that need to be integrated ? Confirm SSL/HTTPS is enforced for authentication/data transfer?

A: DBSync uses SOAP \ RESTFUL services to authenticate and communicate with third party applications. It uses the HTTP/s protocol while communicating with these application via web.