Dynamic data import / export


simply more productive
Up to 100,000 records can be processed with the freeware version!
  • Home
  • News
  • Security and encrypted Definitions

Security and encrypted Definitions

In times when crimeware like Emotet, ransomware trojans and other malware are causing more and more damage, in accordance with the principle "security first" we have decided to store Definitions and projects in encrypted form by default.

Background: The problem with FlowHeater Definitions was that embedded C# and VB.NET scripts, SQL Statements and external CMD or PowerShell scripts were embedded in XML as plain text. A potential attacker could relatively easily amend these and they would then be executed with the rights of the user on the next execution.
As of this version, therefore, no further information is stored in unencrypted form apart from the version number, architecture used and execution settings. The Definition file or project file (.FHD) is still based on pure XML. Old (unencrypted) Definitions can of course still be processed. However, we recommend that you open it once with the FlowHeater Designer and save it again with the current version. In this way you will automatically benefit from the increased security; there are no further settings to be made.

Security information: We are very concerned about security. For years, we have consistently relied on code signing via an extended validation (EV) code signing certificate from DigiCert, which today meets the highest security requirements. In addition, all program versions or file archives are subjected to intensive automatic tests before they are made available online and checked for possible malicious code with VirusTotal that includes about 60 state-of-the-art virus scanners.

Release notes for version 4.1.8 on April 4, 2020

Further changes

User .NET script libraries

Until now, user scripts had to be saved manually somewhere and then, if necessary, laboriously searched for and embedded. The .NET Script Heater now allows you to store your own scripts in a script library. The script library is automatically included at startup and the scripts can be accessed just like normal "internal" Heaters/Functions: scripts can be simply dragged onto the design area in FlowHeater Designer like built-in Heaters. The script path where these functions are stored can of course be customized in FlowHeater Designer using "Menu->Extras->Options". To ensure that the same scripts are always used from different computers or in a team, UNC paths or network drives are naturally supported in addition. Organization of the scripts can easily be realized with subfolders. If the scripts are gathered in subfolders in the specified script path, the name of the subfolder is used as a group name. For illustration purposes, sample scripts for C# and VB.NET are included. These scripts are found under the group names "Example Scripts (C#)" and "Example Scripts (VB.NET)".

New Hash Heater

As the name suggests, the Hash Heater can be used to calculate hash values of strings (FlowHeater data type STRING) or binary data (FlowHeater data type RAW). Currently the hash algorithms "MD5", "SHA1", "SHA256", "SHA384" and "SHA512" are supported. If hash values are to be formed from character strings, the character set (Codepage) to use can also be selected in the Hash Heater. It is also possible to calculate the hash values of files in connection with the File Heater.

New RegEx Heater

With the new RegEx Heater regular expressions can be applied on strings. Regular expressions are often used in software development to validate data such as email addresses and telephone numbers or to decompose character strings according to certain patterns and for the replacement of recognized patterns in character strings. With the RegEx Heater these powerful functions are now also available in FlowHeater. The operators IsMatch, Match, Replace and Split are available.

Improved troubleshooting of FlowHeater Server

As of this version FlowHeater Server logs the environment variables defined, the available drives and whether all the prerequisites for a possible execution of a Definition involving an Excel Adapter are met. Concerning the latter, there were always difficulties with Excel COM automation, which led to prolonged error analyses. Further information can be found in the following Support Forum entry: Flowheater Server Installation Fails
Logging takes place independently of the log level setting. In the event of an error, the Log File can be used to quickly check whether drives can be accessed from the FlowHeater Server or whether necessary environment variables are defined and have been set correctly.