Securing EDD Formats

<< Click to Display Table of Contents >>

Navigation:  EDP > Customizability >

Securing EDD Formats

EarthSoft has a strong commitment to information security. From the early days of EDP, the ability to create custom EDD formats has been an important part of the EDP ecosystem. The balance between information security and customizability requires ongoing attention and evolution. Starting with the EQuIS 7.22.1 Build, plain-text EDD format files (i.e., *.xsd) may no longer be used except in EDP Standalone or EDGE or when using Professional EDP with database-level security. Professional EDP (when using application-level security) and Enterprise EDP require that the format be either encrypted by EarthSoft (i.e., *.xse) or be embedded as a resource in a strong-named .NET assembly (i.e., *.dll). Thus, all formats distributed by EarthSoft are either encrypted and/or embedded in a strong-named .NET assembly.


Note: The Generate Format File tool may still be used to generate a plain-text format file (i.e., *.xsd); however, that format file must be embedded as a resource within a strong-named .NET assembly before being used in EDP.



Embedding Format File(s) in a .NET assembly


Many custom and standard formats are already maintained using a Class Library project in Microsoft Visual Studio (see Debugging EQuIS Formats in Visual Studio). To embed the format files in the assembly, do the following:

1.Open the format's Class Library project in Microsoft Visual Studio.

2.Ensure that the format file (*.xsd) and, if applicable, the export file (*-export.xml) are included as files in the project.

3.In Solution Explorer, right-click on the format file (*.xsd) and choose Properties.

4.Next to Build Action, select Embedded Source.

5.If the format includes an export file (*-export.xml), repeat the previous two steps to embed the *-export.xml file as a resource.

Note: Enumeration files (*-enum.xml) do not need to be embedded as a resource and should continue to be distributed along with the format assembly (*.dll).

6.Ensure that the assembly is strong-named and that the strong-name public key token is correctly entered in the ST_CONFIG table (see Approve Strongly Named Custom Assemblies).