Preferences:Advanced Properties:Security

From WebWatchBotWiki

Description

The "Security" section specifies how sensitive data should be stored in the WebWatchBot database. Sensitive data includes but is not limited to user login credentials and stored information regarding web pages. See also: Securing WebWatchBot

WebWatchBot provides 128-bit encryption for the following data fields, referred to in this document as sensitive data:

  1. HTTP Post Data
  2. HTTP Cookies
  3. HTTP/FTP/POP3 Username and Password

These data fields are either all encrypted or not encrypted at all; one cannot selectively encrypt one data field but not another.



Precautions and Recommendations

  • ExclamationSoft is not responsible for lost or stolen PassPhrases and has no "back-door" to recover a lost or stolen PassPhrase or decrypt encrypted data. Write down your PassPhrase and store it in a secure and safe location.
  • If you are using or running Remote Client installations:
    1. The Main Server and Remote Clients should all have matching Security Encryption settings, with the exception of the PassPhrase Storage Filename (see 2). Failure to have matching settings may cause data corruption and/or loss of data.
    2. If PassPhrase Storage Type (see below) is set to "File", the PassPhrase Storage Filename should not point to the same location as on the Main Server or another Remote Client.
    3. When changing Security Encryption settings, you should first change the Main Server, then update the Remote Clients with the same configuration. Failure to do so may cause data corruption and/or loss of data.
    4. Internally, when Security Encryption settings are changed, the data is decrypted and then encrypted with the new settings. To help prevent undesirable results, Remote Clients do not decrypt then encrypt data after Security Encryption settings are changed.
  • When re-installing on a machine with an existing installation, set "Use Encryption" to false before uninstalling and re-installing. This will decrypt all sensitive data. If this step is not performed, start WebWatchBot Manager, then stop and start the WebWatchBot Service.
  • Use at your own risk. Lost or stolen PassPhrases and incorrectly configured Security Encryption settings can cause data corruption and/or loss of data. Back up your data before using encryption, and back up your data periodically. ExclamationSoft is not responsible for data loss. Please refer to your license agreement for more detail regarding your rights and responsibilities.



[Image: preferences_security.gif]


Fields

Use Encryption

  • If true, encryption is enabled for the WebWatchBot application and the next options are enabled for configuration.
  • If false, encryption is not enabled for the WebWatchBot application, the next options are disabled for configuration, and any existing settings are ignored. This is the default setting.


PassPhrase

  • A PassPhrase is a string of text (phrase) that is used by WebWatchBot to generate a Secret Key. PassPhrases are like passwords, but should be much longer and more difficult to guess. When using a PassPhrase to generate a Secret Key, you should be aware of the following criteria for coming up with an effective phrase:
    • Length. A typical English-text PassPhrase should have about the same number of characters as there will be bits in the Secret Key to be generated. The reason for this is the weak entropy of regular English text, which follows from the predictability of subsequent characters or words. In fact, each character can contribute about 1.2 bits for a Secret Key.
    • Content. To create a really good PassPhrase, or to reduce the number of characters without sacrificing effectiveness, you should use words not found in dictionaries, use plenty of numbers and special characters, and mix uppercase characters with lowercase characters often. You can also reverse some words and not others, and maybe even throw in a word or two from other languages.
  • If no PassPhrase is entered, encryption will automatically be set to false.
  • Changing the PassPhrase will first decrypt all sensitive data with the previous PassPhrase (if one exists), then encrypt all sensitive data with the new PassPhrase.


Require Login

  • If true (most secure):
    • When the WebWatchBot Manager Application starts, a dialog box prompting for the secret PassPhrase will appear.
    • The WebWatchBot service will be set to start manually and must be started through the WebWatchBot Manager Application. Starting the service through the control panel, while successful, will not allow decryption of encrypted data, which may cause Watch Items to fail.
    • The "PassPhrase Storage Type" is temporary. The PassPhrase is temporarily encrypted and stored on the system until the WebWatchBot service is started.
      • If "PassPhrase Storage Type" is set to "Registry", then the PassPhrase is encrypted and stored in the registry until the WebWatchBot service is started. Once started, the registry entry is deleted.
      • If "PassPhrase Storage Type" is set to "File", then the PassPhrase is encrypted and stored in the specified file until the WebWatchBot service is started. Once started, the file is deleted.
  • If false (less secure):
    • The secret PassPhrase will be encrypted and stored (see "PassPhrase Storage Type" below) for use by the WebWatchBot Manager Application and the WebWatchBot Service for data decryption each time they are started.
    • The WebWatchBot service can be set to start automatically. The PassPhrase for decryption is found in the stored location.
    • WARNING: The PassPhrase can be viewed through the WebWatchBot Preferences dialog. If you set "Require Login" to false, you should consider granting execute permission on the WebWatchBot Manager executable to trusted users only.
      • If login fails, e.g. wrong PassPhrase given, the user will be prompted to set a new PassPhrase and all encrypted data will remain encrypted, meaning at the very worst, all encrypted data fields will have to be re-entered.


PassPhrase Storage Type

  • Registry (less secure - multiple users may have access): The PassPhrase is encrypted and stored in the system registry.
  • File (more secure - fewer users may have access and permissions can be set on the file and/or directory): The PassPhrase is encrypted and stored in a file on the filesystem. If this type of storage is selected, a filename must be entered (see "PassPhrase Storage Filename" below).


PassPhrase Storage Filename

  • The fully qualified pathname of the file in which the encrypted PassPhrase is stored.
  • The filename is encrypted and stored in the registry.
  • Data in the physical file is encrypted.
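
The "File" storage type is described above as more secure because permissions can be set on the file and/or directory. The PowerShell below is an added example, not ExclamationSoft code: it restricts the directory that holds the PassPhrase Storage Filename to an allow-list and reports any other identity that still has access. The directory path and the service account are placeholder assumptions; run it from an elevated prompt.

```powershell
# Added example, not part of WebWatchBot. Path and account below are placeholders.
$Dir            = 'C:\Path\To\PassPhraseDir'   # placeholder: folder that holds the PassPhrase Storage Filename
$ServiceAccount = 'NT AUTHORITY\SYSTEM'        # assumption: account the WebWatchBot service runs as
$Allowed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', $ServiceAccount) |
    Select-Object -Unique

function Set-PassPhraseDirAcl {
    param([string]$Path, [string[]]$Principals)
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        New-Item -ItemType Directory -Path $Path | Out-Null
    }
    $acl = Get-Acl -LiteralPath $Path
    # Stop inheriting from the parent folder and discard the inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Drop any explicit entries that were already present.
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
    # Grant access only to the allow-list; files created inside inherit these entries,
    # so a PassPhrase file written later is covered as well.
    foreach ($p in $Principals) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $p, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-UnexpectedAccess {
    param([string]$Path, [string[]]$Principals)
    # Every Allow entry whose identity is not on the allow-list.
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $Principals -notcontains $_.IdentityReference.Value
        } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

Set-PassPhraseDirAcl -Path $Dir -Principals $Allowed
# Any row listed here is an identity outside the allow-list that can still reach the folder.
Get-UnexpectedAccess -Path $Dir -Principals $Allowed
```

On Remote Client installations, use a separate directory on each machine, since the PassPhrase Storage Filename should not point to the same location as on the Main Server or another Remote Client.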