The appearance of many areas of the DocuWare Web Client can be customized. For example, you can change the colors or use a different logo than the DocuWare logo.
The files for the DocuWare Web Client can be found under
C:\Program Files\DocuWare\Web Client Server\Web Common\DocuWare
(unless you specified a different path at installation). Here there are five subfolders: Languages, Resources, Services, Themes and TVDThemes. You must not rename these folders or their subfolders under any circumstances.
When you install a service pack or update, the Web Common folder mentioned above, which contains subfolders of style sheets, graphical elements, etc., is created as a completely new folder. This does not overwrite the old version of the folder, but simply renames it to
Web Common.BeforeUpdate_<Date>_<Time>.
If you had defined customizations, you will have to implement these again after installing the update or service pack (see below).
8.4.1
Replacing Graphical Elements
Most graphical elements should not be changed, as the images serve as a guide to users. However, you can if necessary replace the DocuWare logo with a different one: You will find the associated file Logo.gif under
C:\ Program Files \DocuWare\Web Client Server\Web Common\DocuWare\Themes\DocuWare\Login\. You can replace this file with another one with the same name. The new logo should not be bigger than the DocuWare logo.
If you had replaced graphical elements and you want to continue using this customization after installing the update or service pack, you must copy the relevant files back to the appropriate place under the Web Common folder. Your customized files are located under the folder
Web Common.BeforeUpdate_<Date>_<Time>. (See also Customizations (on page 160))
8.4.2
Changing Colors
The colors used on the Web Client are defined in various style sheets. You can use these to change the colors as you like. The style sheets (*.css) can be found under
C:\ Program Files \DocuWare\Web Client Server\Web Common\DocuWare\Themes\DocuWare\ in the relevant subfolders. For example, the style sheet for the default result view is located in the DWGrid subfolder. You can see which colors are used for what from the comments in the style sheets.
If you had customized style sheets and you want to continue using these after installing the update or service pack, you will have to edit the new style sheets accordingly. You cannot simply copy the old style sheets into the new path.
You will find the old style sheets under the folder Web Common.BeforeUpdate_<Date>_<Time>. You can copy your changes from the old to the new files. (See also Customizations (on page 160))
Stamp and Electronic Signature
9.1
Conditions of use for electronic signatures
The conditions of use for electronic signatures described below refer to Germany and the German Signature Act. Conditions of use in other countries may be similar. Please be sure to observe the legal provisions pertaining in the country in which you wish to use electronic signatures.
All devices used as chip card terminals must be verified and confirmed chip card terminals under the terms of the Signature Act and Signature Ordinance and must implement the Microsoft Crypto API. Under the terms of the Signature Act and Signature Ordinance, only signature creation devices that have been verified and confirmed as secure may be used as personalized chip cards.
Administrative conditions of use
When Qualified Electronic Signatures are being used, the administrator must follow the following security guidelines:
The DocuWare 5 client must be installed on a dedicated computer. The DocuWare 5 server must also be installed on a dedicated computer. The individual components can be installed either on a single computer (single-mobile installation) or on different computers. For a detailed description of the different types of installation, see the DocuWare Installation Manual. If you are using a network installation, the administrator must ensure that the clients and servers communicate with one another over secure lines within a protected environment.
Access to the computer in question from another computer within the local network must be prevented by means of a locally installed packet filter mechanism. The opening of connections by applications on the computer itself must be restricted to the IP addresses, ports and protocols it requires for operation.
The computer on which the client and/or servers are installed must be located in a room that can only be entered by authorized personnel. Before installation and during operation of the product it must be ensured that the security of the computer and of the installed operating system have not been and are not compromised. The DocuWare software itself is signed and cannot be started if this is manipulated, as the signature will then be broken. The operating system installed on the computer must be kept up to date by installing security fixes and updates as they become available. No other operating system must be active at runtime (no virtual machines).
Access to the DocuWare storage structure must be reserved for DocuWare servers only (DocuWare Content Server). No other users may have access to it. This can be ensured using the Windows rights structure.
DocuWare workstations that are used to create Qualified Electronic Signatures must be run on an internal network that is protected against external attack by a firewall. Access from public networks to the local network on which the computer resides must be prevented by a router that has been
appropriately configured. In addition, an up-to-date virus scanner must be installed on the workstation.
The chip card terminals used must be directly connected to the computer on which the DocuWare client is installed and run (no KIOSK systems).
The system clock on the computer on which DocuWare Authentication Server is installed must be accurate. We recommend synchronizing the system clock using a suitable time reference (NTP). Chip card terminals with their own keyboard, secure signature creation devices (signature cards) that implement the Microsoft Crypto API, and qualified certificates must be used to create Qualified Electronic Signatures; the suitability of these terminals must also be verified and confirmed under the terms of the Signature Act and the Signature Ordinance.
The organization administrator must ensure that only authorized persons can create signature stamps, and that only authorized persons can use signature stamps that generate Qualified Electronic
Signatures. We recommend always assigning signature stamps that generate Qualified Electronic Signatures directly to users of the product. The administrator should ensure that it is impossible for signature stamps to be assigned through profiles, roles, or groups.
The organization administrator must ensure the following conditions apply to all persons authorized to use signature stamps or create Qualified Electronic Signatures: these persons must have access only to baskets in DocuWare 5 mode, not in DocuWare 4 mode, and they must not have the right to
administer baskets.
The administrator must ensure that only up-to-date certificates are imported into the Windows certificate store of the computer on which the DocuWare client is installed. The administrator must also ensure that only up-to-date blacklists are imported into the Windows certificate store of the computer on which the DocuWare client is installed. You can ensure this using the functionalities of the Windows operating system (Windows certificate store).
If signed documents are exported from DocuWare, users must ensure that they are protected against unauthorized access.
Baskets used for mass signatures may only be used by authorized persons. This must be ensured by means of Windows security mechanisms.
Use of system resources
DocuWare creates the signature using the Crypto API, a component of Microsoft Windows operating systems. The software used by the signature creation device must implement this interface.
The hash values are created using the accessible .net classes in the System.Security.Cryptography namespace. The hash value is generated in a two-stage process in accordance with the XML Digital Signature standard.
When a user creates a signature, the entire certificate chain, from the user’s own certificate through to the associated root certificate, must be saved in the Window certificate store. The Windows certificate store is a component of the supported Windows operating systems.
When the signature is checked, the entire certificate chain must also be save in the Windows
certificate store of the computer in question. The user certificate can also be saved in the signature if required. In this case, it must not exist in the Windows certificate store of the personal computer on which it is checked.
Stamp and Electronic Signature