SCN # | SCN-00000003 |
Title of SCN | Client Config File Change |
TRAC # | #15113 |
Effective Version | 9.3.18 – Public 9.4 |
Products Affected | Client |
Reason for Change (Summary) | Enhancement – Security Compliance |
Change
The exacqVision Client’s configuration file (edvrclient.ini) will no longer be used. Historically, this file was saved in the local user’s home directory and was encrypted to hide the saved credentials.
It is replaced by a new XML file (edvrclient.xml), which will be formatted according to evCLI standards and saved in the following locations:
Windows: %AppData%\edvrclient\edvrclient.xml
Linux: $HOME/.edvrclient.dir/edvrclient.xml
Mac: $HOME/Library/Application\ Support/edvrclient/edvrclient.xml
After upgrading, the Client will follow this workflow when launched:
- If no encryption key file is found, the Client will generate a unique, per-user 256-bit AES-GCM encryption key file (edvrclient.xdk).
  - The key file is saved alongside the new XML in the above locations.
  - The key is machine-specific and will not work if transferred to another machine.
- If no XML is found, the legacy .INI config file will be loaded and the XML will be saved in the new location. Only the password elements will be encrypted. Everything else will be standard text and editable.
- The legacy .INI file will remain intact for downgrade support, but will no longer update as you make changes to the Client.
- If decryption fails, all config elements will still be loaded and Systems will attempt to connect, but the attempts will result in a failed login state.
- If no legacy .INI or .XML is found, the Client defaults will be loaded and saved to a new XML.
- Every 30 seconds, the Client will check for changes and re-save the XML (the Client no longer needs to be closed to save the current view).
Additional Documentation
https://trac.exacq.com/DVR/wiki/ClientSettings
evCLI documentation is now included in the install directory: evCLI.pdf
Other information
Old encrypted INI:
New XML with only the passwords encrypted:
This new XML can be modified and re-saved as an .XDV file to launch the Client with specified settings. However, a copied encryption key will not work on another system.
To accommodate customers that want to deploy an XML or XDV with credentials, a new CLI element has been created: PasswordType
By default this will be set to 3 (MachineSpecific), but this can be edited to 0 (Plaintext) and a password can be typed into the XML. For example, the following line:
<System Address="hybrid.exacq.com" Port="22609" Group="" Name="exacqVision Hybrid Server" Username="trialclient" Password="dV8t5d5C8UHxQZqI8UGaiJxSKsLe275uJas5mJI+kyOV+MZCJ3tbecNIEIifMAhd" PasswordType="3" Enabled="1"
Could be changed to:
<System Address="hybrid.exacq.com" Port="22609" Group="" Name="exacqVision Hybrid Server" Username="trialclient" Password="februrary2011" PasswordType="0" Enabled="1"
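Because PasswordType="0" leaves the credential readable by anyone who can open the file, a deployed XML or XDV can be checked for such entries before it is distributed. The following is an added example, not part of the original notice or exacq's own tooling; the `Config` root element, the host names and the function names are assumptions, and only the `System` attributes and the PasswordType values 0 and 3 come from the notice.

```python
import xml.etree.ElementTree as ET

# PasswordType values named in the notice; other values are not documented there.
PASSWORD_TYPES = {"0": "Plaintext", "3": "MachineSpecific"}

# Constructed sample. The root element name is an assumption; the System
# attributes follow the line shown in the notice, with placeholder values.
SAMPLE_XML = """<Config>
  <System Address="nvr1.example.test" Port="22609" Group="" Name="Lobby"
          Username="viewer" Password="Q29uc3RydWN0ZWQ=" PasswordType="3" Enabled="1"/>
  <System Address="nvr2.example.test" Port="22609" Group="" Name="Dock"
          Username="viewer" Password="constructed-secret" PasswordType="0" Enabled="1"/>
  <System Address="nvr3.example.test" Port="22609" Group="" Name="Gate"
          Username="viewer" Password="" PasswordType="0" Enabled="0"/>
</Config>"""


def audit_systems(xml_text):
    """Return one finding per <System> element, without echoing passwords."""
    findings = []
    for system in ET.fromstring(xml_text).iter("System"):
        ptype = system.get("PasswordType", "")
        has_password = bool(system.get("Password"))
        findings.append({
            "address": system.get("Address", ""),
            "username": system.get("Username", ""),
            "password_type": PASSWORD_TYPES.get(ptype, "Unknown(%s)" % ptype),
            # Only a stored, non-empty password with PasswordType 0 is readable as-is.
            "plaintext_credential": ptype == "0" and has_password,
        })
    return findings


def plaintext_addresses(xml_text):
    """Addresses of systems whose password is stored in plaintext."""
    return [f["address"] for f in audit_systems(xml_text) if f["plaintext_credential"]]


if __name__ == "__main__":
    for f in audit_systems(SAMPLE_XML):
        flag = "PLAINTEXT" if f["plaintext_credential"] else "ok"
        print("%-20s %-10s %-16s %s" % (f["address"], f["username"], f["password_type"], flag))
```

To check a real file, pass its contents to `audit_systems`; the findings deliberately omit the Password value so the report itself can be shared.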