Introduction 


A new section appears in the left panel System Security. This section contains two further items:


  • Data Security 
  • HMAC Verifications 


HMAC Verifications 


When a user installs the Web RA application as a new instance, HMAC will be enabled by default. 


What is HMAC?


Hash-based Message Authentication Code (HMAC) is a message authentication code that uses a cryptographic key in conjunction with a hash function. 


HMAC provides the server and the client each with a private key that is known only to that specific server and client. The client creates a unique HMAC or hash, per request to the server by hashing the request data with the private keys and sending it as a part of the request. 


How It Works?


  • When a user enables the HMAC check box, the system will start computing and calculating HMAC of each request made with the database. 


 

                                     




  • In the next step, a drop down appears under the Enable HMAC Verification check box that is used to configure algorithm for HMAC computation. Web RA supports the following algorithms for HMAC computation:


  • HMAC SHA - 256
  • HMAC SHA - 384
  • HMAC SHA - 512 




                                     



The HMAC verification check box enables the system to verify the data integrity of the entire data of the application. 


  • It configures the interval for core thread to verify data integrity using HMAC and generate verification report, send them to the configured email addresses of the operators. The interval field describes the number of days and the time describes the execution time of core thread. 
  • It verifies each request enabled to verify data in each request retrieved from the database. This sections shows the red alert in the list, with a detailed view of the records and sends email to the configured email addresses in alerts for each request. 
  • The email address for alerts describe email addresses that will receive the HMAC verification report. 
  • After enabling the HMAC verifications in the configurations, all invalid or tampered records in the lists will be displayed as red. 
  • When a specific record is viewed to see the details, a red roaster message will appear 'This data has invalid HMAC' as shown below: