The company Windward does not have access to your data.
The Windward program only reads from your data, with the following caveat. A user can write any select for a tag and that tag could include a command to to change the datasource. Therefore, we recommend that you provide read-only credentials to any datasource you pass to Windward to enforce this restriction.
With SQL and OData (JSON & XML are read-only files so not an issue), there are three modes you can specify for setting parameter values.
1) Always use the connector setParameter() call - which precludes any injection attack.
2) Always use string substitution - which will allow an injection attack.
3) Mixed mode where parameter names starting with an _ like _var are string substitution and the rest are setParameter().
The default is the third mode which assumes the template designers will use _var carefully and appropriately.
The designer stores the credentials to each datasource in the template one of three ways.
1) In clear text (uuencoded, but no encryption).
2) They are encrypted for the logged in user using System.Security.Cryptography.ProtectedData and on subsequent use decrypted, only for that same user.
3) They are not stored and have to re-entered each time the template is opened.
The default is mode 1 which assumes designers point to a sample datasource.
First, if you turn on verbose logging, that will include template and data content. And even error or fatal logging can include template content and/or data in the exception information logged. The logging does try to scrub passwords from the info logged, but it works based on expected patterns for a password (i.e. "password=secret"). Second, the XPath 1.0 libraries are susceptible to XXE attacks. Always use the XPath 2.0 (Saxon) libraries for XPath datasources.
We believe so (is anyone 100% sure?). We do this by not seeing or touching your data in any way.
We never have access to your data. The Windward program runs on your system and the data it reads is merged into the generated report – and that’s it.
Note: When we say “we never see your data” we mean the company Windward never sees your data. Obviously, the Windward program does see your data as it merges it into the generated report.
All need to be licensed. If you have many environments then perhaps paying per report may be best for your deployment.
The RESTful Engine lets you generate documents from an application using a programming language other than Java or the .NET family of languages. To access the RESTful Engine, you make a Web Service call from your application. With the RESTful Engine, the document generation is not married to the application. The application makes a call to the RESTful Engine server and the RESTful Engine returns the desired output.
Java and .NET Engines are licensed per server and the number of cores running on each instance of the application server.
When it starts, each time it generates a report, and when it exits.
When you start or exit Microsoft Word, Excel, or PowerPoint. Even if you never use the designer in Office, running Office is running the designer.
At the start of running a report to verify that your license is active. And at the end of running a report to update the license server with the number of pages generated.
The license server is running on Azure data-centers in the U.S., Europe, & Australia. If all three Azure data-centers go down, then the world is probably facing much larger problems than running your report.
Then you cannot generate reports. If the designer has already started you can continue to design templates, but you cannot generate test output.
*** The PRO subscription (not scale out) can run for awhile without a connection to the license server.
Go to https://license.windwardscout.net/about and you will see a status message from the license server if everything is ok. This does not test your license key, just that your computer can communicate with the license server and the license server is running properly.
Yes, but to the advantage of our customers. If you run a report that hits or exceeds your scale out or overages limit, but that information is not yet written to the database, then you can run an additional report. When the additional numbers are written to the database, you are now over the maximum charge you set. In this case your bill will be the maximum and Windward throws away the additional charges.
It passes your license key, the username the program is running under, the version of the program, MAC addresses for network interfaces on your machine and the local IP address of the computer. On completion of a report it passes the number of pages generated. For a scale out server it may pass the datetime of previous reports generated.