How do I optimise the security of my database?

How do I optimise the security of my database?

This article has been machine translated. If you find any errors, we would be grateful if you could report them to translation@timesensor.com.

Since lawyers handle particularly sensitive data, the security of the timeSensor LEGAL database is an issue that must be taken particularly seriously. The following entry provides information on the secure operation of the database.

General

This FAQ article is limited to the security settings around the 4D database itself. Independently of this, you must ensure that the security of your infrastructure is guaranteed. For example, a network must be protected by a firewall and the workstations must be kept up to date in terms of software. 
Have the security of your infrastructure checked periodically by an independent expert!

Database encryption

In multi-user operation, your client application communicates permanently with the 4D database. To ensure that the data traffic between the client and the 4D server is not intercepted, you should encrypt the communication between the client and the 4D server. Proceed as follows:
  1. In the administration window of the 4D Server, click on Application Server and check whether encryption is already switched on or not. Encryption is switched on if a Yes is visible under SSL active:. In this case you do not need to do anything.
  2. Otherwise, in the File menu (macOS) or Edit (Windows) under Database Settings, select User Settings for Data File... (macOS) or User Data Settings... (Windows).
  3. Click on the Client-Server tab in the window
  4. Activate the checkbox Encrypted client-server connections.
  5. Click on OK to save the settings.
  6. Close the database server and restart it.


In order for the clients on the individual workstations to log on with SSL encryption in the future, you must now switch the connection on the workstations once. Proceed as follows:
  1. Start the client and hold down the Alt/Option key.
  2. Click Customised in the connection window
  3. In the Application Name: field, enter the following: ^timeSensor

The leading Circumflex causes the client to log on to the server via SSL encryption in the future.
  1. Enter the IP number of your server in the Network Address field.
  2. Connect as usual
Note for administrators: if you are responsible for a large number of workstations, you can also roll out a pre-configured client via your deployment tool. There is a subfolder Database in the folder of the client application where the file EnginedServer.4Dlink is located.
The exact path is as follows:
  1. macOS: Contents/Database/EnginedServer.4Dlink (within the client programme package)
  2. Windows: timeSensor Client/Database/EnginedServer.4Dlink
Edit this XML file as shown in the example. Here it is also important that the database name is preceded by a circumflex (i.e. ^timeSensor).



Login dialog

When logging on to the database, the user first encounters the login window of timeSensor LEGAL. With regard to this window, timeSensor LEGAL offers various security levels, which can be selected in the settings area under Admin - Special. In this window, click on the Security tab and set the Login window slider to the desired level:
  1. Level 1 (More Comfort): this is the classic login dialogue. It shows the user list, the list of active entities (if there are multiple entities) and it automatically remembers the last user or entity so that they are automatically pre-selected. This dialogue is user-friendly but not ideal for privacy reasons, especially as it reveals the names of the users and the entity names. Only use this level if you are using timeSensor LEGAL in a smaller, protected environment.
  2. Level 2: at this level, the login dialogue shows neither the user list nor the entity list. Instead, the user must enter them manually. timeSensor LEGAL remembers the last entries, so these fields usually appear pre-filled and only the password needs to be entered.
  3. Level 3: like level 2, but timeSensor LEGAL only remembers the last entity. User name and password must be entered manually by the user each time.
  4. Level 4 (More security): as level 2, but timeSensor LEGAL does not remember the previous entry. Entity code, user name and password must be entered manually each time. This is the highest security level and is especially recommended if your database is in the cloud.

    • Related Articles

    • How can I optimise the security of my database?

      Since lawyers deal with particularly sensitive data, the security of the timeSensor LEGAL database is an especially serious matter. The article below provides information on how to ensure the safe operation of the database. General information This ...
    • How often should the database be reorganized?

      This article has been machine translated. If you find any errors, we would be grateful if you could report them to translation@timesensor.com. Reorganising (compressing) the database can help speed up queries and should therefore be done regularly, ...
    • How Can I Create a Shortcut to the timeSensor® LEGAL Database?

      When you start the timeSensor LEGAL client app, you will be asked which server you want to connect to (see C1. How do I connect with the timeSensor LEGAL Server?) If you want to avoid this step, create a *.4dlink file shortcut directly to your 4D ...
    • timeSensor and log4j

      Background In December 2021, a serious security vulnerability was found in a Java library. timeSensor LEGAL Neither the 4D database nor timeSensor LEGAL are affected by the vulnerability, as this library is not used. For this reason, no further ...
    • How do I set up a Windows server for use with timeSensor LEGAL Classic?

      General This article describes how a Windows server must be set up to use timeSensor LEGAL. The configuration described in this article is binding in the sense of the General Terms and Conditions of timeSensor LEGAL. These instructions apply to ...