Chapter 6: System Security >

6.6 Encryption

If necessary, you can direct AcuServer to encrypt all data exchanged between AcuServer and a given requester (a client connection).

---

Note: The use of encryption can have a significant performance cost. The performance cost is determined by the quantity of data being exchanged, the speed and bandwidth of the network, and the computational power of both the client and AcuServer host machines. If you plan to use encryption, prior to deployment you should test and benchmark your application with encryption enabled to ensure that your performance requirements are met.

---

Encryption is enabled with two configuration variables: ENCRYPTION_SEED and AGS_SOCKET_ENCRYPT. Once encryption is turned on, it remains on until the program terminates and the connection with AcuServer is closed.

The configuration variable ENCRYPTION_SEED must be set in both the AcuServer configuration file and the runtime (client-side) configuration file. The value of ENCRYPTION_SEED is used to initialize the encryption facility. For more information, see ENCRYPTION_SEED in section 4.2.2, "Server Configuration Variables."

The configuration variable AGS_SOCKET_ENCRYPT must be set to "on" in the runtime configuration file. If it is set within the program, it must be set to "on" before the application opens its first remote file. The default value of AGS_SOCKET_ENCRYPT is "off".