Encryption

Requests to the server, including usernames, passwords, and file paths, are always protected by AES encryption.

Clients may also request content encryption.  Refer to the documentation for ExpeDat Desktop, DropDat, movedat, or syncdat for details.

Administrators may ensure that data content is always encrypted by setting the server's RequireEncrypt option to "1".  When this is enabled, transactions without content encryption will be rejected with an error telling the user that they must enable encryption.

Using encryption will increase the CPU load of both the server and the client computers which may cause a reduction in performance.  On modern CPUs, about one available CPU core is needed to support each gigabit per second of encrypted throughput.

Administrators may prevent content encryption by setting the server's AllowEncrypt option to "0".  Transactions requesting content encryption will then be rejected with an error telling the user that content encryption is not supported.  Request data, including usernames, passwords, and file paths, are always encrypted regardless of this or other settings.

For more general information about application security, see Tech Note 0016.

Security Spaces

A security space is a group of servers and the clients which are permitted to talk to those servers.  A server will not allow transactions from a client which is not a member of one of that server's security spaces.  A client cannot perform transactions with a server which is not a member the client's security space.

Most ExpeDat licenses belong to the "DEI" security space, which allows interoperability between all standard ExpeDat clients and servers. 

Customers wishing to restrict access more than the usual username and password authentication may request a private security space.  With a private security space, only those clients issued to that customer may access that customer's servers.