Frequently Asked Questions

Version 4 - Reviewed: April 25, 2020

Get me out of here, I'm on Hammerhead.

Security Overview

  1. The TariffShark architecture consists of 3 tiers: database, application, and client. Clients connect to the application server using usernames and passwords, which are managed within TariffShark. The application server connects to the database server using either a SQL Server Login or a Windows account created specifically for that purpose. Therefore, TariffShark application users are not authenticated individually against SQL Server. Instead, they indirectly "share" the same database credentials.
  2. A one-time handshake must be made between all TariffShark clients and a TariffShark application server. We call this "client registration". Among other things, the client registration process returns unique encryption keys to the client machine (this is a security measure). In order to protect your TariffShark application server from accepting random client registrations, a secret key must be supplied by the user when registering. Establishing the secret key is a configuration step when installing and settting up the TariffShark application server.
  3. TariffShark users must login to an application server.
  4. Before users may login, however, security roles and user accounts must be configured. TariffShark ships with one default user account, which is configured as an administrator. You must use this account to bootstrap your required security configuration as follows:
    1. Update the password on the default administrator user account so that it is no longer the default password provided with TariffShark.
    2. Determine who will be your security administrator(s).
    3. Create account(s) for this person/these people and assign them the "Security Officer" role (which is a default role that is provided with TariffShark).
    4. Your security officer(s) must...
      • Review the default roles in TariffShark.
        • Administrator
        • Configurator
        • Editor
        • Publisher
        • Read Only
        • Security Officer
      • Adjust them per your security requirements.
      • Create new roles per your security requirements.
      • Create user accounts per your security requirements.
      • Tie user accounts to roles per your security requirements.