# Security external

### <span class="mw-headline" id="bkmrk-virus-scanning-1">Virus scanning</span>

Scanning of uploaded files is left to software installed on the system.

The upload feature will temporarily store the files on the file system, so that detection mechanisms can quarantine the files in case they are infected.

### <span class="mw-headline" id="bkmrk-storage-encryption-1">Storage encryption</span>

Storage encryption is normally supported by the underlying technologies, with the possible exception of password hashes (handled with BCrypt).

MySQL (8+) supports multiple encryption schemes:

- The whole database
- Single schema (each TS installation)

Read more about encryption for [MySQL](https://mysqlserverteam.com/controlling-table-encryption-in-mysql-8-0/) and [MariaDB](https://mariadb.com/kb/en/data-at-rest-encryption-overview/).
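The two MySQL scopes listed above map to the statements below. This is an added example, not taken from the product's own setup scripts. It assumes MySQL 8.0.16 or later, InnoDB file-per-table tables, a keyring component or plugin that is already loaded, and a hypothetical schema name `ts_install` standing in for one TS installation.

```sql
-- Added example; `ts_install` is a hypothetical schema name.
-- Assumed prerequisite: a keyring is loaded, otherwise encrypting tables fails.

-- Scope 1: the whole server. Newly created schemas (and general
-- tablespaces) default to encrypted from now on.
SET PERSIST default_table_encryption = ON;

-- Scope 2: a single schema. Tables created in it afterwards are encrypted.
ALTER SCHEMA ts_install DEFAULT ENCRYPTION = 'Y';

-- Neither setting rewrites tables that already exist. Generate the
-- per-table statements for review; the `_` wildcards accept either
-- quote style around Y in CREATE_OPTIONS.
SELECT CONCAT('ALTER TABLE `', TABLE_SCHEMA, '`.`', TABLE_NAME,
              '` ENCRYPTION = ''Y'';') AS stmt
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_SCHEMA = 'ts_install'
  AND TABLE_TYPE = 'BASE TABLE'
  AND ENGINE = 'InnoDB'
  AND COALESCE(CREATE_OPTIONS, '') NOT LIKE '%ENCRYPTION=_Y_%';

-- Verify the schema default.
SELECT SCHEMA_NAME, DEFAULT_ENCRYPTION
FROM INFORMATION_SCHEMA.SCHEMATA
WHERE SCHEMA_NAME = 'ts_install';

-- Verify which tables are actually encrypted on disk.
SELECT TABLE_NAME, CREATE_OPTIONS
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_SCHEMA = 'ts_install'
  AND CREATE_OPTIONS LIKE '%ENCRYPTION%';
```

Any base table that the last query does not list is still stored unencrypted, even when the schema default reads `YES`.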

O/S level encryption technology includes:

- Windows: BitLocker
- Linux: LUKS

### <span id="bkmrk-"></span><span class="mw-headline" id="bkmrk-transport-encryption-1">Transport encryption (https)</span>

The minimum requirement is SSL certificates. On Linux these can easily be obtained for free via Let's Encrypt.

Optionally, the server can also apply HSTS by following this [guideline for Tomcat](https://www.javaprogramto.com/2018/09/adding-http-strict-transport.html).

### <span class="mw-headline" id="bkmrk-denial-of-service-at-1">Denial of service attacks</span>

Protection against DoS attacks is best handled using dedicated services such as Cloudflare.