Security FAQ
Engine FAQ
License FAQ

Windward Security FAQ

In this FAQ, we answer any questions you have around Windward and security. If anything is not answered, please contact us at success@windward.net.

Does Windward see my data?

The company Windward does not have access to your data.

Does the Windward program write anything to my data?

The Windward program only reads from your data, with the following caveat. A user can write any select for a tag and that tag could include a command to to change the datasource. Therefore, we recommend that you provide read-only credentials to any datasource you pass to Windward to enforce this restriction.

Do I need to worry about SQL injection attacks?

With SQL and OData (JSON & XML are read-only files so not an issue), there are three modes you can specify for setting parameter values.

1) Always use the connector setParameter() call - which precludes any injection attack.
2) Always use string substitution - which will allow an injection attack.
3) Mixed mode where parameter names starting with an _ like _var are string substitution and the rest are setParameter().

The default is the third mode which assumes the template designers will use _var carefully and appropriately.

How do you save the datasource connection credentials in the designer?

The designer stores the credentials to each datasource in the template one of three ways.

1) In clear text (uuencoded, but no encryption).
2) They are encrypted for the logged in user using System.Security.Cryptography.ProtectedData and on subsequent use decrypted, only for that same user.
3) They are not stored and have to re-entered each time the template is opened.

The default is mode 1 which assumes designers point to a sample datasource.

What security vulnerabilities exist in the program?

First, if you turn on verbose logging, that will include template and data content. And even error or fatal logging can include template content and/or data in the exception information logged. The logging does try to scrub passwords from the info logged, but it works based on expected patterns for a password (i.e. "password=secret"). Second, the XPath 1.0 libraries are susceptible to XXE attacks. Always use the XPath 2.0 (Saxon) libraries for XPath datasources.

Is Windward GDPR compliant?

We believe so (is anyone 100% sure?). We do this by not seeing or touching your data in any way.

How do you keep my data secure?

We never have access to your data. The Windward program runs on your system and the data it reads is merged into the generated report - and that's it.

Windward Engine FAQ

How does my Engine license work with my production, development, testing, staging, and fail-over servers?

All need to be licensed. If you have many environments then perhaps paying per report may be best for your deployment.

What is the RESTful Engine and why would I use it?

The RESTful Engine lets you generate documents from an application using a programming language other than Java or the .NET family of languages. To access the RESTful Engine, you make a Web Service call from your application. With the RESTful Engine, the document generation is not married to the application. The application makes a call to the RESTful Engine server and the RESTful Engine returns the desired output.

How are embedded engines (Java and .Net) licensed?

Java and .NET Engines are licensed per server and the number of cores running on each instance of the application server.

Windward License FAQ

Which factors influence the price of my subscription?

Your custom quote is determined by a number of factors, ranging from the number of Windward Designer licenses that are needed to the number of servers required across Development, Test, and Production. Call us today to learn more and receive your custom quote!

How are embedded engines (Java and .Net) licensed?

Java and .NET Engines are licensed per server and the number of cores running on each instance of the application server.

How is the Windward Designer licensed?

The Windward Designer is a concurrent, user-based license and is installed on the user’s desktop.

Questions?

For over 10 years, Windward has lead the industry with our world-class document generation platform that creates visually stunning, data-powered documents designed exactly the way users want and are created in a fraction of the time and cost compared to existing solutions. Proudly located in Boulder, Colorado, Windward Studios is the premier solution for developers and business users adding reporting and document generation capabilities to their applications in over 70 countries around the world.

© 2019 Windward Studios Inc.