Security Considerations for Installing SQList

SQList is an application installed on the client’s infrastructure, it includes a Windows Desktop Application and a Windows Service component.
This type of application is inherently not vulnerable to web based attacks (e.g. cross-site scripting or SQL injections), typical of cloud based applications.

This document outlines the security considerations relevant to the installation and operation of SQList. Given its straightforward architecture, a formal security assessment has not been deemed necessary, as the design inherently mitigates risks to the client’s infrastructure.

Security Considerations

• Environment Configuration: SQList is capable of operating within a sandboxed environment, eliminating the need for external connections and ensuring self-contained security.
• Connection Specifications: The application requires connections solely to the client’s designated SharePoint sites and SQL Server databases. These connections are already configured in terms of type, firewall restrictions, and security policies as they are part of the client's infrastructure.
• Communication Protocols: SQList leverages standard HTTPS for SharePoint and TCP protocols for SQL Server, aligning with industry-standard secure communication methods.
• Library Use: The entirety of SQList is built utilizing Microsoft libraries, with the exception of a third-party UI library which has been deemed safe.
• Data Encryption: All sensitive data, including connection strings, are encrypted within the database, which is managed by the client, ensuring data security.
• Licensing: Licence activation with AxioWorks’ servers can be performed either online or manually offline to accommodate various security environments.
• Software Maintenance: AxioWorks conducts regular scans of its development environment for malware and releases updates for SQList, encompassing new features, bug fixes, and library updates. Clients are notified upon release of updates.
• Data in Transit: SQList does not store data during transit, mitigating data leak risks in the event of system malfunction.
• Installation Impact: The application does not necessitate the installation of third-party libraries or modifications to the client’s environment, aside from the necessary access configurations for SharePoint and SQL Server.
• Activity Logging: SQList maintains a log of significant events as well as entries in the Windows Event Log (for warning level and above events), facilitating system health and activity monitoring.
• Cloud Infrastructure: For clients operating within a cloud environment, SQList can be installed on a Windows VM in the cloud.
• Data Locality: As clients maintain control over the databases where replicated data is stored, there are no data locality legal implications.

Additional Technical Details

• Security Certificate and Obfuscation: SQList’s executables and libraries are obfuscated and signed with a certificate to ensure code integrity and to protect against tampering.
• Library Details: Utilization of the CSOM library for SharePoint connections and ADO.NET for SQL Server ensures compatibility and reliability.
• Logging Detail: The application provides detailed logging mechanisms, including a proprietary log and entries in the Windows Event Log, adjustable to monitor operational indicators effectively.

Conclusion

SQList is purposefully engineered to fit securely into a client's existing infrastructure, offering maximum protection for data with minimal operational disruption, while providing the client complete authority over its access to corporate assets.

For detailed technical support or further information, please contact the AxioWorks Support Team at support@axioworks.com