You are currently reviewing an older revision of this page.
Document Type: FAQ Product(s): Bentley ProjectWise Version(s): All Original Author: Bentley Technical Support Group Legacy Document Number: 8400
Document Type: FAQ
Product(s): Bentley ProjectWise
Version(s): All
Original Author: Bentley Technical Support Group
Legacy Document Number: 8400
It uses standard base64-encoding. The user name is passed with clear text. Base64 is typically referred to as an encoding scheme not encryption. It is a very trivial encoding and is not considered secure.
It uses 128 bit encryption for the user name and passwords that are passed over the wire. The strength of the SSL session between a browser and server depends on the strength of the session key that is generated during session negotiation. This is a symmetric key used to encrypt and decrypt data exchanged by the browser and server. Browsers and servers usually negotiate the strongest mutually supported session. This means that if the user's browser and your Web server both supports 128-bit SSL sessions, a 128-bit session is established. If the user's browser only supports 40-bit SSL sessions, then a 40-bit session is established even if your Web server supports 128-bit sessions.
Using NTLM authentication and encryption method. Kerberos authentication is also supported, but neither NTLM nor Kerberos are used for encryption. Without separately activated SSL encryption (between the client and the server), only some most sensitive parts of some messages are encrypted by RC4 algorithm (using 128 bit keys). That is done independently of the authentication protocol.
It encrypted using RC4 algorithm (using 128 bit keys).
Using 128 bit encryption from the certificate server in your network. The keys are validated by the server running certificate server. It still uses port 5800. I would refer to this as the "ProjectWise Secure Connection" when not talking about WEL using HTTPS. SSL is a well know standard and our connection is not based on it.
Using ProjectWise in secure mode encrypts the data from ProjectWise Explorer to the application server. The configuration is done on the server. The encryption keys are handled by the certificate server.
Only when using the PW secure connection.
ProjectWise communicates to the backend database through ODBC. ProjectWise will use whatever is the type of connection you have setup. For example MS SQL Server passing user/password in clear text. You can use the Server Network Utility to enable SSL encryption over all enabled network libraries. SQL Server 2000 can then use the SSL to encrypt all data transmitted over any network library between a SQL Server 2000 client (ProjectWise Application Server) and a server running SQL Server 2000. The encryption level, 40-bit versus 128-bit, depends on the level of encryption supported by the Windows operating system involved as well. For maximum security it is recommended that you use Microsoft integrated authentication for the database connection
ProjectWise works with an Active Directory model in both Mixed and Native mode. ProjectWise Authentication Server will pull information from the Domain controller on users and groups within AD. Once in ProjectWise the users authenticate from the PW application server to the domain controller in AD.
For ProjectWise Windows Users we do NOT store the password in the database. The ProjectWise Authentication Server brings the user names from the domain into the database where they are stored in the DS_SID table. It then populates the user names to the dms_user table. When the user authenticates into ProjectWise, the ProjectWise Application makes a call to the domain controller in real time to authenticate the user. For this reason we do not store ProjectWise Windows accounts in the database. The actual passwords not stored in the database. In the PW logical user case only, a MD5 hash of the passwords is stored so that the plain text user password can not be recovered.
Not directly, ProjectWise will work with and Win2003 Active Directory using Kerberos. Authentication using Kerberos is supported.
If not using SSL it uses Base64 encoding and the password is encoded using that. For a more secure method it is recommended to use SSL within the web environment.
Product TechNotes and FAQs
ProjectWise TechNotes And FAQs
Bentley Technical Support KnowledgeBase
Bentley LEARN Server
Bentley's Technical Support Group requests that you please confine any comments you have on this Wiki entry to this "Comments or Corrections?" section. THANK YOU!