Data protection

All Permission Analyzer settings (such as LDAP connections) are automatically saved using an encryption with a built-in hidden* key. Users, however, can opt to protect their settings and access to the application with their own passwords. The application will subsequently only be accessible after start up once the correct password is entered. Passwords themselves are not saved; only a ‘one-way’ hash code of the password is stored. Permission Analyzer uses an advanced hash algorithm (PBKDF2WithHmacSHA1), making it impossible to crack or retrieve passwords.

Alternatively, you can also choose to encrypt the local database completely with both your own password to access the database as well as an AES encryption on the database content. This will however result in database interaction becoming 2.5 times slower.

Please keep in mind that if you encrypt the application with a password, you will have to enter the password when running automatic scans or have reports exported via Windows Scheduled Tasks. Use the application parameter -password mypassword.

* Permission Analyzer’s application code is encrypted and it is very difficult, but not impossible, to retrieve textual values, such as the default built-in password.