The traffic from DocPop, FolderPop, and PDFPop requests is being passed across the Internet, so security around the data is extremely important. The following recommendations can help ensure data security.
- The Web Server should be configured for secure connections only (HTTPS).
  Note: The HTTP logon method should not be used in production environments because it passes the user name and password in clear text on the query string.
- Administrators should apply least-privilege access to Web users and ensure they can access only folders or documents of a specific type, containing specific Keywords, and from within a specific date range.
- PDFPop should be used when possible to further ensure that Web users can only view a document without exposing additional OnBase functionality to them.
- Administrators should configure a custom Web page for each user or group of users to help enforce the principle of least privilege. For example, if some users only need to view documents through DocPop, then only the Retrieve/View privilege is needed for those users.
- Use the interactive login method to provide another layer of security. When an autologin method is used, any user who can access the workstation could also access documents through DocPop, FolderPop, or PDFPop links. For example, when DocPop is accessed from a scanning workstation, the interactive login method will ensure that only users who have sufficient rights can log on and view or index documents.
- Do not use a default or shared user account to access OnBase using DocPop, FolderPop, or PDFPop. This ensures that actions are attributed to a specific user.

For more information on configuration, see the DocPop, FolderPop, or PDFPop module reference guides.