SalesLogix CRM

 Sfafinity


Security

Security principles and policies are enforced in SFCRM at multiple levels. First, SFCRM supports deployment with SSL (Secure Sockets Layer) with 128-bit encryption. This level of security is, of course, essential and usually taken for granted. It offers the guarantee that the communication between the browser and the server occurs on an encrypted channel.

However, as any security professional knows, SSL is not nearly enough to guarantee a secure system. Security measures must be enforced throughout the system's design, because a system is only as strong as its weakest link. While it is true that no system can guarantee absolute security, SFCRM's design goes to great lengths to ensure security by incorporating the best practices in the design of secure software. Here are some considerations that have driven its design.

No plugins. SFCRM uses no plugins in its user interface — no ActiveX components or Java applets. While SFCRM offers a rich and highly interactive interface, all the interactivity is achieved using plain HTML and dynamic HTML. This approach not only speeds up page loading, it also removes the class of security risks that such plugins introduce.

No buffer overflows. Buffer-overflow attacks — the most common means by which malicious hackers gain control — are precluded by the built-in checks in SFCRM's implementation. Part of this benefit accrues directly from the fact that SFCRM is implemented in Java, but in addition, SFCRM includes numerous security checks to guard against buffer overflows and denial-of-service attacks.

No SQL injection. Another common technique for breaching security is "SQL injection", where an attacker exploits database query strings that the application builds from web-page input. In SFCRM's case, there is a rigid separation between the software layers that handle the user interface and the database, so much so that neither layer has full knowledge of the other. This makes SQL injection attacks very unlikely to succeed.
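To make the layer-separation point concrete, here is an added example that is not SFCRM's code (the product is written in Java; this is Python against an in-memory SQLite database, chosen so it runs anywhere). The table, rows, names and the search functions are all constructed for illustration. The unsafe function splices the user's text into the query string, which is the pattern SQL injection exploits; the safe function keeps the SQL entirely inside the data layer and hands the user's text to the driver only as bound parameters, so the user-interface code never composes SQL at all.

```python
import sqlite3


def build_db():
    """Constructed sample data: a tiny contacts table in an embedded in-memory DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO contacts (name, owner) VALUES (?, ?)",
        [("Alice Example", "rep1"), ("Bob Example", "rep1"), ("Carol Example", "rep2")],
    )
    return conn


# --- Vulnerable pattern: user text is interpolated into the SQL string. ---
def search_contacts_unsafe(conn, owner, needle):
    # The owner filter is meant to restrict a sales rep to their own records,
    # but anything typed into `needle` becomes part of the query syntax.
    sql = (
        f"SELECT name FROM contacts WHERE owner = '{owner}' "
        f"AND name LIKE '%{needle}%'"
    )
    return [row[0] for row in conn.execute(sql)]


# --- Hardened pattern: the data layer owns the SQL; input is bound as parameters. ---
def search_contacts_safe(conn, owner, needle):
    # The query text is a fixed literal; `owner` and the LIKE pattern travel
    # separately to the driver, so they can only ever be compared as values.
    sql = "SELECT name FROM contacts WHERE owner = ? AND name LIKE ?"
    return [row[0] for row in conn.execute(sql, (owner, f"%{needle}%"))]


# --- UI layer: knows nothing about SQL, only about "search for this text". ---
def ui_search(conn, current_user, query_text):
    # The interface layer passes the raw text through and never sees a query.
    return search_contacts_safe(conn, current_user, query_text)


def demo():
    conn = build_db()
    # Constructed probe input of the kind an injection attempt would send.
    probe = "x' OR '1'='1' --"
    return {
        "unsafe_rows_leaked": len(search_contacts_unsafe(conn, "rep2", probe)),
        "safe_rows_returned": len(search_contacts_safe(conn, "rep2", probe)),
        "normal_search": ui_search(conn, "rep2", "Carol"),
    }


if __name__ == "__main__":
    print(demo())
```

The unsafe variant returns every contact regardless of owner, because the probe text rewrites the WHERE clause; the safe variant treats the same text as a literal LIKE pattern and matches nothing. A legitimate value containing an apostrophe (a surname such as O'Brien) also breaks the unsafe query outright while the bound-parameter version handles it without incident.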

Use of embedded database. A third possible cause of security breaches is the ability to "go around" the application by cracking the application's database directly. This approach exploits the database engine's vulnerabilities, and was used, for example, by the Slammer worm. In SFCRM's case, the application is configured to run the database so that it is directly embedded in the application. It is therefore not possible to circumvent the application to access the database.

Protection against hijacked sessions. Session and cookie hijacking methods rely on the fact that an unauthorized user can masquerade as an authorized one by reusing the authorized user's authentication tokens. The SFCRM engine includes mechanisms for encrypting session keys and uniquely identifying session owners for the duration of the session, to prevent such attacks.
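The page does not describe how SFCRM identifies a session's owner, so the following is an added illustration of the general technique rather than the product's mechanism. It is Python, not SFCRM code, and everything in it is assumed: the server key, the session lifetime, and the choice of client address plus user agent as the owner fingerprint. The server issues a random session id, binds it to the authenticated user and the fingerprint of the client it was issued to, and authenticates the token with an HMAC; a later request is accepted only if the token verifies, the session has not expired, and the presenting client matches the bound fingerprint, so a token copied to another client is refused.

```python
import hashlib
import hmac
import secrets


def client_fingerprint(remote_addr, user_agent):
    """Derive an opaque owner identifier from request attributes (assumed choice)."""
    return hashlib.sha256(f"{remote_addr}|{user_agent}".encode()).hexdigest()


class SessionStore:
    """Server-side session table with HMAC-authenticated, owner-bound tokens."""

    def __init__(self, key, ttl_seconds=900):
        self.key = key                # server-only secret; never sent to clients
        self.ttl = ttl_seconds        # assumed session lifetime
        self.sessions = {}            # sid -> {"user", "fp", "expires"}

    def _mac(self, sid, user, fp):
        msg = f"{sid}|{user}|{fp}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def create(self, user, fp, now):
        """Issue a token after successful login, bound to `user` and client `fp`."""
        sid = secrets.token_urlsafe(32)   # unguessable session id
        self.sessions[sid] = {"user": user, "fp": fp, "expires": now + self.ttl}
        return f"{sid}.{self._mac(sid, user, fp)}"

    def validate(self, token, fp, now):
        """Return the owning user if the token is genuine, live and presented
        by the client it was bound to; otherwise None."""
        try:
            sid, mac = token.split(".", 1)
        except ValueError:
            return None
        rec = self.sessions.get(sid)
        if rec is None or now > rec["expires"]:
            return None
        expected = self._mac(sid, rec["user"], rec["fp"])
        if not hmac.compare_digest(mac, expected):
            return None                   # tampered or forged token
        if not hmac.compare_digest(rec["fp"], fp):
            return None                   # replayed from a different client
        return rec["user"]

    def revoke(self, token):
        """Invalidate a session, e.g. on logout or when an administrator acts."""
        sid = token.split(".", 1)[0]
        return self.sessions.pop(sid, None) is not None


def demo():
    # Constructed values: a fixed key and fake request attributes.
    store = SessionStore(key=b"k" * 32, ttl_seconds=60)
    owner_fp = client_fingerprint("10.0.0.5", "Mozilla/5.0 (constructed)")
    other_fp = client_fingerprint("203.0.113.9", "curl/8.0 (constructed)")
    token = store.create("alice", owner_fp, now=1000)
    return {
        "owner_ok": store.validate(token, owner_fp, now=1010),
        "other_client": store.validate(token, other_fp, now=1010),
        "after_expiry": store.validate(token, owner_fp, now=2000),
    }


if __name__ == "__main__":
    print(demo())
```

One practical caveat on the fingerprint: binding to the client address rejects legitimate users whose address changes mid-session (mobile networks, some proxies), so deployments usually weigh that against the hijacking risk and pair the check with a short lifetime and server-side revocation, both of which the store above supports.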

Administration tools. Additionally, SFCRM includes numerous tools via which the system administrator can monitor activity on the system. The administrator can track login histories, page load times and database query times for the entire application, and can act quickly in the event of a security breach.



© Compulan 1985 - 2006 All Rights Reserved.