What are your assertions about the security of your Electronic Signature Fields add-on?
There are no specific tests or documentation to demonstrate the security, you can refer to the FDA CFR 21 part 11 documentation for details. But when the team was initially developing the plugin, they looked at the requirements and made the plugin compliant with those.
Are the credentials stored anywhere on the server logs? Can someone who has access to the server see/obtain user credentials?
The logs are stored to the Jira Database but without credentials. It means though someone has access to the server he/she will not be able to see/obtain user credentials.
Does the add-on link to our current LDAP via your Cprime plugins configuration-LDAP configuration?
Our plugin uses usernames\passwords related to accounts in Jira. So to use our plugin no special settings needed.
We would like to know where the data is stored in the backend, like MySQL tables etc. And can you make sure that these details are in encrypted format?
We do not store the passwords, only user keys and time are stored. The data is stored in Jira base. Please find the data storage example below:
| ID | ISSUE | CUSTOMFIELD | PARENTKEY | STRINGVALUE | NUMBERVALUE | TEXTVALUE | DATEVALUE | VALUETYPE | UPDATED |
|---|---|---|---|---|---|---|---|---|---|
| 10000 | 10100 | 10100 | null | \\{"username":"admin","time":1538481863970,"issueKey":"TEST-7"} | null | null | null | null | 1538481863988 |