Parag_Mahajan - Friday, September 9, 2011 9:22 AM:
Hi,
I would like to know about the security model used by Aras.
Is there any encryption/decryption happening to the data that is being transmitted over the wire?
I am concerned about the security of files with a sensitive data being added through Aras Innovator.
Are there any chances that the files can be tampered when they are being transmitted?
Thanks and Regards,
Parag
eric_h - Friday, September 9, 2011 6:41 PM:
Parag,
I don't know for sure, but my guess is that the method to secure anything transmitted is to run the web server as port 443 / SSL. Of course, this got me thinking about some of the tools that run external to Explorer, and how would they be able to handle the encrypted traffic.
Someone more knowledgeable on the matter will need to answer, but thought I would share my thoughts. I believe the passwords are stored as MD5 hashed, and so even if the wire line protocol is insecure, the passwords cannot just be sniffed and used (in theory at least.)
Eric
Jennifer - Friday, September 9, 2011 7:53 PM:
Hi Parag,
There is an online Wiki that may provide the answers you are looking for. For answers specific to Security and Access Control visit www.aras.comhttp:/.../06-security-and-access-control.aspx.
If you require additional information your Aras representative or certified partner can help answer questions specific to your environment and concerns.
Best,
Jennifer
