Architecture and Security
The architecture includes a number of security features to ensure the integrity and security of data.
Secure storage and authentication of user credentials using Microsoft .NET Membership;
Each page checks that a user is logged in and has an assigned role. The member provider provides the business functionality only to users that are authenticated;
Roles are used to restrict the parts of the system and directory structure that a user can access. Hence users will only be able to perform tasks for which that are authorised;
Third party applications calling the system's web services are given their own roles and granted privileges to perform only the tasks for which they are authorised;
Access to the data is undertaken through stored procedures, eliminating user's direct access to the data and reducing the risk from SQL injection;
Optional encryption using the Secure Sockets Layer (SSL) protocol suite to ensure confidentiality of data whilst in transit;
A perimeter network (DMZ), to provide an additional layer of protection between the hosted web server and the application and database server.
The architecture includes a number of security features to ensure the integrity and security of data.
Secure storage and authentication of user credentials using Microsoft .NET Membership;
Each page checks that a user is logged in and has an assigned role. The member provider provides the business functionality only to users that are authenticated;
Roles are used to restrict the parts of the system and directory structure that a user can access. Hence users will only be able to perform tasks for which that are authorised;
Third party applications calling the system's web services are given their own roles and granted privileges to perform only the tasks for which they are authorised;
Access to the data is undertaken through stored procedures, eliminating user's direct access to the data and reducing the risk from SQL injection;
Optional encryption using the Secure Sockets Layer (SSL) protocol suite to ensure confidentiality of data whilst in transit;
A perimeter network (DMZ), to provide an additional layer of protection between the hosted web server and the application and database server.
