PortSight Secure Access Documentation

Using the Catalog Manager

 

This chapter describes how to create and manage your Secure Access catalogs (user databases) using the Secure Access Catalog Manager. You can run this application from the Start menu -> All Programs -> PortSight Secure Access by clicking the Secure Access Catalog Manager icon.

 

    Security Note

Secure Access Catalog Manager stores the passwords you enter in the "catalogs.xml" file. This is actually an encrypted file containing XML data about the registered catalogs. The encryption mechanism is not very strong since the encryption key can be found in the Catalog Manager code after disassembling. You should allow only administrators to access this file.

Secure Access Catalog Manager distributes the passwords (database connection string) into Web.config files in a non-encrypted form, which is a common way most developers are used to. Thus, you should allow only administrators and developers to access this file. If you use default ASP.NET settings, the Web.config files cannot be downloaded from your Web site by visitors. If you fulfill both of these conditions, storing passwords not encrypted is not a security flaw.

 

This chapter covers following topics: