White Paper
Encrypted Connection String
Version 2.4
03-AUG-2021
Version 5.0 onwards
Version 4.1 onwards
Versioning
Document Version   Date          Author(s)          Reviewer(s)
2.0                23-Aug-2013   Sebastian Husnik   Thomas Lemmer
2.1                26-Aug-2013   Sebastian Husnik   Thomas Lemmer
2.2                26-Jan-2013   Sebastian Husnik   Thomas Lemmer
2.3                08-Oct-2015   Thomas Lemmer      Claudia Kleinekemper
2.4                03-Aug-2021   Sebastian Husnik   Claudia Kleinekemper
Document Name: Encrypted Connection String
Knowledgebase: MOMKB-337
File Name: White Paper - Encrypted Connection [Link]
Technologies Concerned: uniFLOW
Short Summary: Explains the creation of encrypted connection strings for accessing the uniFLOW database.
Changes
Document Version   Topic(s)                   Changes
2.0                All                        New layout.
2.1                All                        Improved uniFLOW naming.
2.2                All                        Improved layout and formatting.
2.3                All                        Extended description for CONNECTIONSTRINGUI
2.4                Introduction (on page 1)   Added note that encrypted connection strings are not supported by the SQL Connector.
Confidentiality: Internal + Partner (R3P)
Disclaimer
NT-ware Systemprogrammierungs-GmbH, all its affiliates, partners and licensors disclaim all warranties,
including, but not limited to, warranties about the accuracy or completeness of statements of this site's/
document's content or the content of any site or external sites for a particular purpose. This site/document
and the materials, information, services, and products at this site/document, including, without limitation,
text, graphics, and links, are provided 'as is' and without warranties of any kind, whether expressed or
implied.
All rights reserved. No parts of this work may be reproduced in any form or by any means - graphic,
electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval
systems - without the prior written permission of NT-ware Systemprogrammierungs-GmbH (hereinafter also
referred to as NT-ware).
Company and product names mentioned herein are registered or unregistered trademarks of their respective
companies. Mention of third-party products is for information purposes only and constitutes neither an
endorsement nor a recommendation. NT-ware assumes no responsibility with regard to the performance or
use of these products. Also, NT-ware makes no claim to these trademarks. Any use of trademarks, logo,
service marks, trade names, and product names is prohibited without the written permission of the
respective owners.
Adlib, Express and Express Server are either registered trademarks or trademarks of Adlib Publishing Systems
Inc.; Adobe®, Adobe® Reader®, Acrobat®, Distiller®, PostScript® and products of the CREATIVE SUITE(S) are
either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other
countries; Android is a trademark of Google Inc.; Apple®, the Apple® logo, Mac®, Mac OS®, Macintosh®,
iPhone®, iPad® and AirPrint® are trademarks of Apple Inc. registered in the U.S. and other countries; Box of
Box Inc.; Blackboard Transact™ of Blackboard Inc.; CANON, imageRUNNER, imageRUNNER ADVANCE, MEAP,
CPCA, AMS, iW AMS, iW Desktop, iSend, iW SAM are trademarks or registered trademarks of Canon Inc.;
CardSmith® is a trademark of CardSmith LLC; CBORD CS Gold® of the CBORD Group Inc.; Crystal Reports and
other Business Objects products and services mentioned herein as well as their respective logos are
trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company;
Dropbox of Dropbox Inc.; eCopy™, eCopy ShareScan® and eCopy ScanStation™ are marks or trademarks of
Nuance Communications, Inc.; Evernote® of Evernote Corporation; FileNet® of IBM Corporation; Foxit®SDK
and Foxit® Reader of Foxit Corporation; Google Docs of Google Inc.; Google Cloud Print™ web printing service
is a trademark of Google Inc.; Helix™ Production Workflow is a trademark of NT-ware
Systemprogrammierungs-GmbH; HP, HEWLETT-PACKARD, PCL and LASERJET are registered trademarks that
belong to HP Inc.; KONICA MINOLTA is a registered trademark of KONICA MINOLTA Inc.; iOS® of Cisco
Technology Inc.; iDRS™ SDK and IRISConnect™ are unregistered trademarks of I.R.I.S. Group S.A.; JAWS pdf
courier™ are trademarks of Global Graphics SA.; Microsoft®, Windows®, Windows Server®, Internet
Explorer®, Internet Information Services, Microsoft® Word, Microsoft® Excel, Microsoft SharePoint®,
Microsoft SharePoint® Online, OneDrive®, One Drive® for Business, SQL Server®, Active Directory®, Hyper-V®
are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other
countries of Microsoft Corporation; Mopria Print Service of Mopria Alliance Inc.; Neevia Document Converter
Pro™ of Neevia Technology; NetWare®, Novell®, Novell eDirectory™ of Novell Inc. are registered/unregistered
trademarks of Novell Inc. in the United States and other countries; MobileIron® of Mobile Iron Inc., Océ, Océ
PlotWave®, Océ ColorWave® and PRISMA are trademarks or registered trademarks of Océ-Technologies B.V.
Océ is a Canon company, [Link]™ of Oracle Corporation; PAS™ is a trademark of Equitrac Corp.;
PosterJet is copyrighted and an internationally registered trademark of Eisfeld Datentechnik GmbH & Co. KG;
RedTitan EscapeE of RedTitan Limited; NETAPHOR®, SiteAudit™ are trademarks of NETAPHOR SOFTWARE
Inc.; SAMSUNG is a trademark of SAMSUNG in the United States or other countries; Therefore™, Therefore™
Online of Therefore; UNIX® is a registered trademark of The Open Group; uniFLOW®, mdsFLOW®, uniFLOW
Serverless Secure Printing®, Helix Production Workflow®, MIND®, microMIND®, and MiCard® are registered
trademarks of NT-ware Systemprogrammierungs-GmbH; pcProx®, AIR ID® are registered trademarks of
RFIdeas [Link]; CASI-RUSCO® is a registered trademark of ID Card Group; Radio Key® is a registered
trademark of Secura Key; GProx™ II is an unregistered trademark of Guardall; HID® ProxHID is a registered
trademark of HID Global Corporation; Indala® is a registered trademark of Motorola; ioProx™ is an
unregistered trademark of Kantech; VMware vSphere® and VMware vSphere® Motion® are registered
trademarks of VMware; Xerox, Xerox and Design, as well as Fuji Xerox and Design are registered trademarks
or trademarks of Xerox Corporation in Japan and/or other countries.
All other trademarks, trade names, product names, service marks are the property of their respective owners
and are hereby acknowledged.
While every precaution has been taken in the preparation of this document, NT-ware assumes no
responsibility for errors or omissions, or for damages resulting from the use of information contained in this
document or from the use of programs and source code that may accompany it. NT-ware does not assume
any responsibility or liability for any malfunctions or loss of data caused by the combination of at least one
NT-ware product and the used operating system and/or third-party products. In no event shall NT-ware be
liable for any loss of profit or any other commercial damage caused or alleged to have been caused directly
or indirectly by this document.
In addition, this manual provides links to the sites of affiliated or independent companies and certain other
businesses. NT-ware is not responsible for examining or evaluating, and NT-ware does not warrant the
offerings of, any of these businesses or individuals or the content of their websites. NT-ware does not assume
any responsibility or liability for the actions, product, and content of all these and any other third parties. You
should carefully review their privacy statements and other conditions of use.
Wednesday, August 4, 2021, Bad Iburg (Germany)
Important Note
Serious problems might occur if you modify the registry of your Windows operating system incorrectly. These
problems might require that you reinstall the operating system. We strongly recommend that you always back up
the registry of your Windows operating system before applying changes to it, just in case you do something
wrong. NT-ware does not assume any responsibility or liability for any impact on the operating system after
changing the registry. You understand and accept that you use this information and modify the registry of
your Windows operating system at your own risk.
uniFLOW and corresponding components like Web Submission and Internet Gateway rely heavily on their
SQL databases. We strongly suggest that you refrain from modifying these SQL databases manually without
prior consultation from the NT-ware support team. NT-ware does not assume responsibility or liability for
possible impact on your uniFLOW environment after modifying any of the SQL databases.
Copyright and Contact
NT-ware Systemprogrammierungs-GmbH
Niedersachsenstraße 6
49186 Bad Iburg
Germany
[Link]
Tel: +49 - 54 03 - 7243 - 0
Fax: +49 - 54 03 - 78 01 03
Email: info@[Link]
Register of Companies: Amtsgericht Osnabrück
No. of entry in Register of Companies: HRB 110944
Chief Executive Officer: Karsten Huster
Responsible according to § 6 MDStV: Karsten Huster
VAT registration no. according to §27 a Umsatzsteuergesetz: DE 230932141
©1998-2021 NT-ware Systemprogrammierungs-GmbH.
Feedback
Should you come across any relevant errors or have any suggestions, please contact documentation@nt-
[Link] or use the Send feedback here button of the uniFLOW Online Help.
Technical Support
Your dealer will provide first technical support services. Before you contact the dealer for technical support,
ensure you have read this document.
How to use this Document
Text Styles
This style is used for text that is displayed on screen.
This style is used for text the user has to type in.
This style is used for hyperlinks to web pages, internal links to other pages in this manual.
This style is used for code examples: XML code, variables or regular
expressions.
Pictograms
Important Note:
Information that is crucial for the correct functioning of the software.
Further Information:
Pointer to additional manuals, installation manuals, white papers or the NT-ware
Knowledgebase.
Region Specific Feature:
Indicator for features that are not available worldwide.
External Link:
Link to an external web page.
Settings:
Detailed explanation of configuration settings or operational procedures.
Compass:
Path to the menu or configuration page in the software.
Screenshots and Diagrams
This manual contains screenshots of the software, diagrams explaining relations and pictures of products.
Even though all visuals are up-to-date at the time of writing, they are subject to change.
Language and Translations
This document was originally written in English. Translations of this document are based on
the English original. Some screenshots, diagrams and pictures in this document may not be translated and
appear in English only.
Send Feedback
Should you come across any relevant errors or have any suggestions please contact documentation@nt-
[Link] or use the Send feedback here button of the Online Help.
About this Document
This document is delivered as part of the device / the software from NT-ware. Please read this document
before using the device / the software and keep this document or the link to an online version of this
document for future reference. Please make sure that all persons operating the device / the software are
familiar with this document. Please observe all instructions given in this document. Installation, configuration
and maintenance must only be performed by sufficiently qualified personnel. Failure to comply with this
document may void the warranty.
Every effort has been made to ensure that the contents of this manual are accurate. However, NT-ware
reserves the right to make changes without notice.
Contents
Versioning
Disclaimer
How to use this Document
1 Encrypted Connection Strings
1.1 Introduction
1.2 Connection String Encryption
1 Encrypted Connection Strings
1.1 Introduction
Connection strings are entries in the Windows registry which contain all data necessary
for full or read-only access to the uniFLOW database.
There are two connection strings in the Windows registry:
▪ Connection string for full database access:
32-bit systems:
\HKEY_LOCAL_MACHINE\SOFTWARE\NT-ware\Mom\CONNECTIONSTRING
64-bit systems:
\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NT-ware\Mom\CONNECTIONSTRING
This connection string has the following value data:
Provider=SQLOLEDB.1;Persist Security Info=True;User
ID=pbaip;Password=password_in_clear_text;Initial
Catalog=DsPcDb;Data Source=(local);Use Procedure for
Prepare=1;Auto Translate=True;Packet Size=4096
▪ Connection string for read-only database access:
32-bit systems:
\HKEY_LOCAL_MACHINE\SOFTWARE\NT-ware\Mom\CONNECTIONSTRINGUI
64-bit systems:
\HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NT-ware\Mom\CONNECTIONSTRINGUI
This connection string has the following value data:
Provider=SQLOLEDB.1;Persist Security Info=True;User
ID=uFReader;Password=password_in_clear_text;Initial
Catalog=DsPcDb;Data Source=(local);Use Procedure for
Prepare=1;Auto Translate=True;Packet Size=4096
The connection strings are installed with each uniFLOW installation by default. As you
can see, the user name and password for the database connection are written in clear
text. In most cases this is no problem as the connection strings reside on the uniFLOW
server and the uniFLOW server is not accessible for users other than the administrator.
However, in some companies the security regulations require encrypted connection
strings.
From uniFLOW OM V4.1.2 onwards uniFLOW offers the possibility to encrypt
connection strings on a project basis ensuring that it is no longer possible to read out
the user name or password for the database connection.
If you need Connection String Encryption, please consult the NT-ware project team, as
the file required for Connection String Encryption ([Link]) is not provided with
the standard installation.
SQL Connector
The SQL Connector does not support encrypted connection strings.
1.2 Connection String Encryption
To generate the Encrypted Connection String, you have to use the [Link] tool
that can be requested from the NT-ware project team on a 'project basis'.
Before you start using the tool, you should read the following description as some
important points should be considered.
Note that it is important to run this tool on the uniFLOW server itself. It does not work
on any other machine.
Encrypted Connection String Creation
The following steps have to be carried out for each connection string that needs to be
encrypted. The steps are identical for each connection string. Note, though, that the
user name and password for each connection string are different.
1. Stop the uniFLOW Server service. For information in this regard refer to chapter
"uniFLOW Admin Service" in the uniFLOW User Manual.
2. Run the tool [Link] with administrative rights on the uniFLOW server itself.
3. Proceed as described in the following screenshots.
a. Choose Microsoft OLE DB Provider for SQL Server on the Provider tab.
b. Tick Allow saving password, enter the relevant user name and the corresponding
password of the connection string that shall be encrypted and select the database
that shall be accessed on the Connection tab.
c. Confirm the settings with OK. Afterwards, the Connection String and the
Encrypted Connection String will be displayed.
d. Mark the Encrypted Connection String and copy the string.
4. In the Windows registry, create a new String Value CONNECTIONSTRINGENCRYPTED
as REG_SZ type under:
\HKEY_LOCAL_MACHINE\SOFTWARE\NT-ware\Mom\
5. Delete the unencrypted original connection string.
6. Start the uniFLOW Server service.
If you run the [Link] with the parameter -ShowClearTextCS ([Link] -ShowClearTextCS),
then the original Connection String is also displayed in clear text in
the encryption result window.
Repeat the above steps for the encryption of the CONNECTIONSTRINGUI.
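The following PowerShell check is an added example, not part of the NT-ware tooling. After steps 4 to 6 it verifies that no clear-text connection string remains under the registry keys listed in section 1.1 and that CONNECTIONSTRINGENCRYPTED exists. The helper name Get-ConnectionStringField is hypothetical, and checking the Wow6432Node key for the encrypted value is an assumption, since step 4 names only the non-Wow6432Node path.

```powershell
# Added example (not NT-ware code): after step 5, confirm that no clear-text
# connection string is left behind. Run elevated on the uniFLOW server.
# Registry keys and value names are the ones listed in this white paper.
$keys = 'HKLM:\SOFTWARE\NT-ware\Mom',
        'HKLM:\SOFTWARE\Wow6432Node\NT-ware\Mom'
$clearTextNames = 'CONNECTIONSTRING', 'CONNECTIONSTRINGUI'

# Hypothetical helper: return one field of a ';'-separated OLE DB connection string.
function Get-ConnectionStringField {
    param([string]$ConnectionString, [string]$Field)
    foreach ($pair in ($ConnectionString -split ';')) {
        $name, $value = $pair -split '=', 2
        if ($name.Trim() -ieq $Field) { return $value }
    }
    return $null
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($name in $clearTextNames) {
        $value = $props.$name
        if ([string]::IsNullOrEmpty($value)) { continue }
        $password = Get-ConnectionStringField $value 'Password'
        $hasPassword = -not [string]::IsNullOrEmpty($password)
        [pscustomobject]@{
            Key    = $key
            Value  = $name
            # Report only that a password is stored, never the password itself.
            Status = $(if ($hasPassword) { 'CLEAR-TEXT PASSWORD' } else { 'present, no password field' })
        }
    }
    [pscustomobject]@{
        Key    = $key
        Value  = 'CONNECTIONSTRINGENCRYPTED'
        Status = $(if ($props.CONNECTIONSTRINGENCRYPTED) { 'present' } else { 'missing' })
    }
}

$report | Format-Table -AutoSize
# Non-zero exit code lets a scheduled compliance check flag the server.
if ($report.Status -contains 'CLEAR-TEXT PASSWORD') { exit 1 }
```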
Unencrypted Default Connection Strings Example
Encrypted Connection Strings Example