Authorization of all DocuWare components via oAuth2
Components: All Desktop components
All server and desktop connections are now using the modern and secure oAuth2 standard which is replacing our previous cookie-based method.
Instead of the central log in to DocuWare Desktop, each desktop application is now authenticated separately to DocuWare via oAuth2 at startup. For this purpose, a browser window with the DocuWare login opens at the first start.
Benefits
Enhanced security
Fit for the future
Here's how
Make sure to install the newest version of the Desktop Apps after updating to DocuWare 7.10.
When a desktop application is started for the first time, the DocuWare login dialog opens in the browser. After successfully logging in, the corresponding desktop application is started and authenticated against DocuWare.
You will find the expiration date in the web client's main menu under Profile & Settings > Security.
Checksum with new encryption algorithm
Component: DocuWare Configuration
If you have enabled integrity checking in the file cabinet settings, a checksum is created for each stored document during archiving. This allows you to determine if a document has been modified at the file level in the viewer using the Check if document has been modified button. This function now uses the new SHA-256 algorithm.
Benefits
Greater security
Future-proof technology
Here's how
You can activate the integrity check via checksum in DocuWare Configuration under File Cabinet > General > Security. The new algorithm is only used for new checksum calculations. Existing checksums, i.e. checksums created before version 7.10, remain unchanged.
Even more security for webhooks and web services communication
Components: Workflow Designer, DocuWare Configuration
When you use webhooks and web services, the HMAC cryptographic technology guarantees the authenticity and integrity of transmitted messages, in addition to other security mechanisms.
Here's how
To execute a test HTTP request, in the Workflow Designer, you use the send function in the web service activity and in the configuration of webhooks, you use the test function. The hash is calculated with the passphrase of the organization. The user running the test must be an organization administrator.
The DocuWare iPaaS Connector for make.com also checks this signature. This applies to webhooks, web service activities in the workflow and validation in store and index dialogs.