Security
Authentication
Authentication is based on username/password.
Optionally, two-factor authentication can be set up using a mix of
- One-time code sent by SMS to the user's phone
- IP address of the caller (a network-based restriction, not a possession factor; it complements SMS codes rather than replacing them)
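The two mechanisms above combine into a second-factor decision. The following is an added illustration, not the platform's own code: a single-use, time-limited, attempt-limited SMS code check with a constant-time comparison, an IP range check, and a policy that requires one or both. The trusted networks, the five-minute TTL and the five-attempt budget are assumed values.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed policy values (assumptions for this example, not product defaults).
TRUSTED_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("2001:db8::/32")]
CODE_TTL_SECONDS = 300    # an SMS code is valid for five minutes
MAX_ATTEMPTS = 5          # wrong guesses allowed per issued code


@dataclass
class SmsChallenge:
    code: str
    issued_at: float
    attempts: int = 0
    used: bool = False


def issue_sms_code(now: Optional[float] = None) -> SmsChallenge:
    """Create a 6-digit code from a CSPRNG; the caller delivers it by SMS."""
    now = time.time() if now is None else now
    return SmsChallenge(code=f"{secrets.randbelow(10**6):06d}", issued_at=now)


def verify_sms_code(challenge: SmsChallenge, submitted: str,
                    now: Optional[float] = None) -> bool:
    """Accept a code only once, within its TTL and attempt budget, and compare
    it in constant time so response timing does not leak matching digits."""
    now = time.time() if now is None else now
    if challenge.used or challenge.attempts >= MAX_ATTEMPTS:
        return False
    if now - challenge.issued_at > CODE_TTL_SECONDS:
        return False
    challenge.attempts += 1
    if hmac.compare_digest(challenge.code.encode(), submitted.encode()):
        challenge.used = True
        return True
    return False


def caller_ip_trusted(remote_addr: str) -> bool:
    """True when the caller's address lies inside a trusted range. This is a
    network restriction, not proof that the user holds a second device."""
    try:
        addr = ip_address(remote_addr)
    except ValueError:          # unparsable input fails closed
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


def second_factor_satisfied(policy: str, challenge: Optional[SmsChallenge],
                            submitted_code: Optional[str], remote_addr: str,
                            now: Optional[float] = None) -> bool:
    """Combine both mechanisms according to a policy: 'sms', 'ip' or 'both'."""
    ip_ok = caller_ip_trusted(remote_addr)
    sms_ok = (challenge is not None and submitted_code is not None
              and verify_sms_code(challenge, submitted_code, now))
    if policy == "sms":
        return sms_ok
    if policy == "ip":
        return ip_ok
    if policy == "both":
        return sms_ok and ip_ok
    return False                # unknown policy: fail closed
```

Note that `verify_sms_code` counts an attempt before comparing, so a correct code submitted after the budget is exhausted is still rejected; the user must request a fresh code.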
Single sign-on (optional)
Single sign-on integration is included for
- ADFS
- LDAP (including Active Directory)
- Google, Azure, Facebook, LinkedIn
Group membership synchronization is available for
- ADFS
- LDAP
Anonymous users (optional)
External users can access data via the following methods
- Create new records: public link
  - Services can be protected by a CAPTCHA test
- Edit existing records: specific link sent to the user
  - Links can expire after a set amount of time
An edit link is a bearer credential: anyone holding it can use it, so send it only over a trusted channel and keep the expiry short.
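One way to build the expiring edit links described above, as an added example that is not the platform's own implementation: the record id, an expiry timestamp and a random nonce are signed with HMAC-SHA256 and carried in the URL, and verification checks the signature in constant time before trusting the payload. The signing key, the `https://example.invalid/edit` endpoint and the token layout are assumptions for the example.

```python
import base64
import binascii
import hashlib
import hmac
import secrets
import time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed: in a deployment the key comes from configuration or a secrets store.
LINK_SIGNING_KEY = secrets.token_bytes(32)
EDIT_ENDPOINT = "https://example.invalid/edit"   # placeholder, not a real endpoint


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_edit_link(record_id: str, ttl_seconds: int,
                   key: bytes = LINK_SIGNING_KEY, now: Optional[int] = None) -> str:
    """Build a link granting edit access to one record until it expires.
    Token = base64(record|expiry|nonce) "." base64(HMAC-SHA256 over that payload).
    The nonce makes every issued link distinct, so a single link can be revoked."""
    now = int(time.time()) if now is None else now
    nonce = _b64e(secrets.token_bytes(16))
    payload = f"{record_id}|{now + ttl_seconds}|{nonce}".encode("utf-8")
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    token = _b64e(payload) + "." + _b64e(sig)
    return f"{EDIT_ENDPOINT}?{urlencode({'token': token})}"


def verify_edit_link(url: str, key: bytes = LINK_SIGNING_KEY,
                     now: Optional[int] = None) -> Optional[str]:
    """Return the record id the link is valid for, or None when the token is
    missing, malformed, forged or tampered with, or expired."""
    now = int(time.time()) if now is None else now
    token = parse_qs(urlparse(url).query).get("token", [""])[0]
    if token.count(".") != 1:
        return None
    payload_b64, sig_b64 = token.split(".")
    try:
        payload, sig = _b64d(payload_b64), _b64d(sig_b64)
    except (binascii.Error, ValueError):
        return None
    # Authenticate first; nothing inside the payload is trusted before this passes.
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    try:
        record_id, expires, _nonce = payload.decode("utf-8").rsplit("|", 2)
        expires_at = int(expires)
    except (UnicodeDecodeError, ValueError):
        return None
    if now >= expires_at:
        return None
    return record_id
```

The server never stores the link itself; it only needs the key and the clock. If individual links must be revocable before expiry, the server additionally keeps a denylist of nonces.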
Authorization
User permissions are granted via inheritable group membership and can be restricted along three dimensions
- Field-level control
- State model (permissions can depend on the record's current state)
- Data ownership (permissions can be limited to records the user owns)
Additionally, special roles can be assigned
- Administrator (backend)
- Bulk operations
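To make the permission model concrete, here is an added example (illustrative code, not the platform's own) of how inheritable group grants are resolved and checked against field, state and ownership constraints. The `invoice` entity, the `staff`/`sales`/`finance` group tree and the record states are constructed example data.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set

ANY = frozenset({"*"})      # wildcard for "every field" / "every state"


@dataclass(frozen=True)
class Grant:
    entity: str
    action: str                 # "read" or "write"
    fields: FrozenSet[str]      # field-level control
    states: FrozenSet[str]      # state model: states in which the grant applies
    owner_only: bool = False    # data ownership: only the record's owner benefits


@dataclass
class Group:
    name: str
    parent: Optional[str] = None          # grants of the parent chain are inherited
    grants: List[Grant] = field(default_factory=list)


@dataclass
class Record:
    entity: str
    owner: str
    state: str
    data: Dict[str, object]


# Constructed example tree: sales and finance both inherit the staff read grant.
GROUPS: Dict[str, Group] = {
    "staff": Group("staff", grants=[Grant("invoice", "read", ANY, ANY)]),
    "sales": Group("sales", parent="staff", grants=[
        Grant("invoice", "write", frozenset({"amount", "customer"}),
              frozenset({"Draft"}), owner_only=True)]),
    "finance": Group("finance", parent="staff", grants=[
        Grant("invoice", "write", frozenset({"approved_by"}),
              frozenset({"Submitted"}))]),
}


def effective_grants(groups: Dict[str, Group], membership: List[str]) -> List[Grant]:
    """Union of the grants of every group the user is in plus all of its ancestors."""
    seen: Set[str] = set()
    result: List[Grant] = []
    for name in membership:
        cur: Optional[str] = name
        while cur is not None and cur not in seen:
            seen.add(cur)
            group = groups.get(cur)
            if group is None:        # unknown group: contributes nothing
                break
            result.extend(group.grants)
            cur = group.parent
    return result


def allowed(groups: Dict[str, Group], user: str, membership: List[str],
            action: str, record: Record, fld: str) -> bool:
    """Deny by default; one grant whose every dimension matches suffices."""
    for g in effective_grants(groups, membership):
        if g.entity != record.entity or g.action != action:
            continue
        if "*" not in g.fields and fld not in g.fields:
            continue
        if "*" not in g.states and record.state not in g.states:
            continue
        if g.owner_only and record.owner != user:
            continue
        return True
    return False


def visible_fields(groups: Dict[str, Group], user: str, membership: List[str],
                   record: Record) -> Dict[str, object]:
    """Project a record down to the fields the user may read."""
    return {k: v for k, v in record.data.items()
            if allowed(groups, user, membership, "read", record, k)}
```

Resolution is deny-by-default: a user with no matching grant sees nothing, and a write is refused unless the entity, action, field, state and ownership conditions all hold on the same grant.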
Encryption
Transport encryption uses TLS over HTTPS (often still referred to as SSL), governed by the platform's HTTPS policies
- Cloud hosting includes the option of free TLS certificates
Storage encryption (data at rest) is handled by operating system measures
- Linux: LUKS
- Windows: BitLocker
Full-disk encryption protects data on a lost, stolen or discarded disk; it does not protect against an attacker who reaches the running system or holds database credentials.
Passwords are hashed using the bcrypt algorithm (salted, with a tunable work factor).
Protection
Platform complies with all requirements of OWASP ASVS Level 2
- Protection against common web attacks: SQL injection, XSS, CSRF
- Password policies
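The three attack classes named above each have a standard countermeasure. The following added example (illustrative, not the platform's own code) shows a deliberately vulnerable string-built query beside its parameterized form against an in-memory SQLite database, output encoding against XSS, and a per-session CSRF token compared in constant time. The `users` table and its rows are constructed sample data.

```python
import html
import hmac
import secrets
import sqlite3
from typing import Dict, List, Optional


def sample_db() -> sqlite3.Connection:
    """Constructed sample data for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users(username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[str]:
    # DELIBERATELY VULNERABLE: untrusted input is concatenated into the statement,
    # so a value like  ' OR '1'='1  changes the query's logic.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[str]:
    # Hardened: the value is bound as a parameter and can never become SQL syntax.
    return [row[0] for row in
            conn.execute("SELECT username FROM users WHERE username = ?", (username,))]


def render_greeting(name: str) -> str:
    # XSS defence: encode untrusted data for the HTML context it is placed in,
    # including quotes so it is also safe inside attribute values.
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Synchronizer-token pattern: an unguessable value stored server-side in the
    session and embedded in forms; the browser's cookies alone cannot supply it."""
    token = secrets.token_urlsafe(32)
    session["csrf"] = token
    return token


def csrf_valid(session: Dict[str, str], submitted: Optional[str]) -> bool:
    expected = session.get("csrf")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)
```

The vulnerable query returns every user for the tautology payload, while the parameterized query treats the same string as a literal username and finds nothing; that contrast is the whole point of parameterization.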