Checksums - Security Best Practices - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Essential - Premier - Standard - external - Standard - Essential - Premier

Security Best Practices

Security Best Practices
Foundation 23.1

Checksums are used to help ensure that the information received from applications is valid.

Checksums should be used with DocPop, FolderPop, or PDFPop to help ensure that only URLs generated by OnBase are used to access OnBase. Checksums can also prevent users from tampering with the URL and retrieving data other than the data that the URL was intended to retrieve. For example, if a DocPop URL retrieves documents by account number, a malicious user could modify the account number in the URL to retrieve documents for a different account. A checksum will help prevent the user from accessing other documents by modifying the URL.

When a user attempts to retrieve a document with a checksum configured, the checksum in the URL is compared to the expected checksum in OnBase. If the values match, the request is filled. If the values do not match, the request returns an error message.

Checksums should always be used when integrating DocPop, FolderPop, or PDFPop with an application that is not OnBase.


Checksums do not prevent other users from using a URL, nor do they cause URLs to expire. To enforce access to OnBase through DocPop, FolderPop, or PDFPop links, configure an interactive login method.


For more information on configuring checksums, see the DocPop, FolderPop, or PDFPop module reference guides.