Search This Blog

Friday, April 7, 2017

More secure password generation algorithms for built-in security system classes are available in XAF v16.2 and v17.1

We have offered new options for those of you who need to deploy apps to production environments with the FIPS policy enforced (e.g., government desktop computers or highly secured web servers). XAF APIs now support FIPS compliant algorithms for more secure user passwords encryption and images hashing. 

Please refer to the article below for more details and let me know what you think of it:




5 comments:

  1. Please also make special note of this in the XAF online documentation so we can refer clients there for verification.

    Saif

    ReplyDelete
    Replies
    1. Would you please clarify what kind of verification you are referring to and why this blog post or the https://www.devexpress.com/Support/Center/Question/Details/T501305 article from us are insufficient? I must also note that you can continue using the old algorithm if your clients wish to.
       
      In any case, the https://documentation.devexpress.com/#eXpressAppFramework/CustomDocument112649 article already contains some information on the new algorithm. It has also been updated further for the v17.1 release.

      Delete
  2. When selling XAF to clients (here in USA) I get asked several questions regarding security and compliance. A blog post might be sufficient for the tech savvy users, but in my meetings there are also business managers and stakeholders who only understands the big picture. Referring them to the actual documentation of a product, IMO, is always better practice. That confirms that it actually exists and not just HACKED together.

    Here is a fun fact I learned from experience...many business managers still think a "software patch" is like applying band-aid to their operations. I use my words with extreme caution.

    ReplyDelete
    Replies
    1. Thanks for your clarification. I hope that the https://documentation.devexpress.com/#eXpressAppFramework/CustomDocument112649 documentation article will be sufficient for your clients.

      Delete