This page contains frequently asked questions about our product.
Why do you ask for data store connection details for each upgrade?
We have applied security best practices to the design of our system. It is a security best practice to access a data store with the minimum of permissions necessary; this protects the data store from viruses, worms and trojans, or malicious actors who gain access to the store. This best practice is known as the principle of least privilege. Wikipedia: https://en.wikipedia.org/wiki/Principle_of_least_privilege
To apply the principle of least privilege, it is necessary to segregate the data access needs of day to day system operation from those needed for any occasional, high security operations that might need to be performed. Upgrading a data store is a very infrequent operation, but requires a very high level of privileges on the data store. As a result, we ask for credentials each time we need to modify the structure of the data store, so that you can give us connection details that grant us those additional privileges. Those details are used only for the upgrade, and are not stored, so that there is no risk that they could be revealed to another application or person.
To make best use of the system, you should run your day to day operations using a connection with a limited set of privileges. For relational databases that support stored procedures, we require only the ability to execute the stored procedures, and nothing else. This is done through the use of a security principal that we create during the initialisation of the data store - but you are responsible for granting the principal to the account associated with the connection details you provide for day to day operations, as this is not something we can determine how to do in your environment.
Why is the data store initialisation/upgrade process running repeatedly?
This indicates that the day to day connection details you provided when the application first started do not grant us sufficient privileges to check the condition of the data store. As a result, we assume that the data store needs to be initialised from scratch, as this is what happens when the data store is empty.
After the data store is initialised, you must grant the appropriate privileges to the account under which you access the data store for day to day operations, as detailed on the screen that confirms that the upgrades are complete. If you do not do this, we cannot access the data store.
Please read the instructions carefully, and be sure to grant the permissions to access the data store.
What information does DotNotStandard have about me?
The application does not share your information with DotNotStandard. By default, this means we know nothing about you. Our application is designed to keep your information within your environment - the very architecture on which the system is built was chosen carefully to ensure this.
If you choose to share information with us, such as log entries, please remove all personal or sensitive information from the data before sending it to us. Remember that email is inherently insecure, and sharing any personal or sensitive information via email or on publicly visible forums puts you at risk.
How can I find out about new releases of the product?
The blog that forms part of this documentation site is used to publish information about changes to the product, including each time a new release is made. If you wish to know about new releases, you could subscribe to the RSS or ATOM feeds.