Most users will be concerned about security, especially if they are allowing a PerfectForms™ system located outside the firewall to access lookups. Although the is installed on a Web server, it can be made very secure. The following are some of the security methods employed by PerfectForms™:
| • | IP access restriction - Allows you to specify the IP address of the PerfectForms™ system or systems that will be requesting lookups. Requests from all other IP addresses will be ignored. |
| • | User name and password protection - All requests from the PerfectForms™ system are made with a user name and password. |
| • | Separate agent and database authentication - The user name and password that PerfectForms™ passes to the connection agent have nothing to do with the database or LDAP server authentication details. |
| • | Local database authentication - The database server authentication performed by the connection agent is used locally only and does not need to leave the machine. |
| • | SQL injection - A PerfectForms™ user is never able to format a SQL query that is passed straight through to a database. The connection agent always is responsible for assembling the query. This prevents SQL injection attacks or the ability to run delete queries. |
Updated: 06/12/2011
Page url:
http://www.perfectforms.com/Documentation/manual/html/?security.htm
PerfectForms™ -- forms software, workflow software, and business process management
