We wanted to take time to highlight some changes that will be coming to the SDK web service in the next update of DLS. The changes are centered around reducing potential security risks as well as improving the overall end-user experience.
- Behavior change for disconnected users
In the upcoming version of DLS, the web service for each user will suspend itself if the user disconnects (either due to fast-user switching or temporary RDP session disconnect on a remote machine). Once the user becomes active again, the service will resume. This will ensure that only one instance of the web service is active at any given time (NOTE: for Windows Terminal Server multiple users can be active simultaneously so multiple web service instances can be running) and will prevent any issues dues to multiple web service instances.
- Random certificate generation
Root and exchange certificates will be generated randomly using strong cryptographic keys during DLS installation and discarded immediately after installation. This ensures the certificates are unique for every DLS installation and adds an extra layer of security to the DYMO SDK web service.
- Firefox changes
The new web service for DLS Windows does not install a root certificate into Firefox’s local keychain. Instead, it enables Firefox’s built-in feature which allows Firefox to user OS certificates. This flag is set on DLS installation and removed on DLS uninstallation.