metaBOF IT security:
  • Users can access only web applications, running on a separate server
  • All data is stored on another machine; all communication is via HTTP(S)
  • Access to the Archive Agent (AA) is not possible from outside
  • The user authentication cookie is passed to ensure rights
  • All search requests are parsed from our custom format to SQL; no SQL injection is possible
  • ASP.NET Identity Framework is used for user management and access control
  • Security is based on roles, which are assigned to groups
  • We can add external logon options based on OAuth
  • Every request is checked using an encrypted cookie. The encryption key is in the server's configuration file.
  • If a user should no longer have access, we can force expiration of the cookie from the server side.
  • We can implement features like password strength, maximum number of failed logins, account lock-out. Everything comes from the Identity Framework
  • The SQL DB can be encrypted, with access secured by Windows or SQL authentication. Only the AA and Indexer have access. Internet users do not talk to those databases.
  • PVMyrs can be encrypted, and are only available through AA, never directly.
  • All searches and changes in the system are logged
