When Lucity programs connect to a SQL Server or Oracle database they have to send login credentials. Since these are usually sent out over a network there is the possibility that they could be intercepted in the network. To ensure safety Lucity provides several different options for managing and securing the configuration information.
Managing Database Connection Encryption
There are two ways to manage the connection encryption
Centrally Managed Desktop Gateway - This allows an administrator to make changes in a single location and have those changes automatically download to each workstation. This is the default setting.
Manual Configuration - This requires an administrator to visit each machine to make changes to the database connection configuration. This option can be more secure than a Centrally Managed Gateway.
Database Connection Encryption
Once an agency has decided how to manage the encryption they have 3 options with how to encrypt the connection credentials.
Integrated Security - This uses windows authentication through a Active Directory group to encrypt and send connection credentials to the database.
Unencrypted credentials - (these credentials do not provide access to the entire database, just a very limited set of stored procedures)
Encrypted credentials - Manually setup encryption. (This is the most secure method)
Management > Encryption match-ups
The following matrix outlines each of these types of databases and the options for managing the deployment of these configurations:
Centrally Managed
Manual Configuration
Integrated Security
X
X
Unencrypted Configuration
X
X
Encrypted Configuration
X
Defaults
SQL Server - Centrally Managed, Integrated Security.