Using DAOS on a database forces files attached to an encrypted field within a section to appear at the bottom of the document (vs. within the actual field) and disables all encryption.
-
On a DAOS enabled create a form with a single encryptable rich text field inside a section and add some text below the section.
-
Associate an encryption key with the form.
-
Create a new document, attach any number of files, save and close the document.
-
Edit the document, add any number of new attachments to the field, save and close the document.
PROBLEM: The new files do not appear within the field. They appear at the bottom of the document. In addition, encryption is disabled for the entire document (at this point there is no $SealData field anymore)
The same behavior continues even after removing the section from the form and then editing the document again.
Big problem not only for the user interface but now the existing file attachments within existing documents become unencrypted once the documents have been edited.
Turning off DAOS solves the issue.
Subject: Is DAOS encryption on or off?
Set DAOS_ENCRYPT_NLO=0 in the server’s notes.ini and restart. Rerun this test. Does the attachment stay in place? Does the note stay encrypted?
Subject: Thanks Gary and Matt
Subject: DAOS bug with encrypted attachments
If you disable DAOS encryption ( as Matt describes), repeating the test with different attachments should succeed. (The attachments you have already created in DAOS will be encrypted until they are deleted from DAOS ).
A fix has been submitted for this in the 8.51 stream. Matt will post info about a possible hotfix.
Subject: Obtaining a hotfix for this issue
You can obtain a hotfix for this issue by opening a PMR referencing SPR# CLEN7N4TM4.
Subject: DAOS Encryption=off then it “works” but we could not use it that way
Good idea.
Disabling DAOS encryption fixed the problem but we could not use that in production since the files need to be encrypted on the hard drive as well.
We only have a single application that contains encrypted files but we are using DAOS on many other applications and their files (which are not encrypted in the documents) need to be encrypted on the hard drive.
Subject: DAOS encryption is not needed here
In fact you’ll have a bigger problem than exposed file attachments if someone gets access to your san/hdd-files. (or do you use a password for your server.id?!) 
I’ll disable DAOS-encryption just because I’ll be able to have a smaller backup-footprint and less disc-I/O (because I’ll locate my DAOS-directory on a different RAID - not in my data-dir).
Regards,
Michael