metaBOF IT security:

• Users can access only web applications, running on a separate server
• All data is stored on another machine, all communication is via http(s)
• Access to the Archive Agent (AA) is not possible from outside
• User authentication cookie is passed to ensure rights.
• All search requests are parsed from our custom format to SQL, no SQL injection possible
• ASP.NET Identity Framework is used for user management /access control
• Security is based on roles , which are assigned to groups
• We can add external logon options based on OAUTH
• Every request is checked using an encrypted cookie. The encryption key is in servers configuration file.
• If user should not have access any more, we can force expiration of the cookie from the server side.
• We can implement features like password strength, maximum number of failed logins, account lock-out. Everything comes from the Identity Framework
• SQL DB can be encrypted, access secured by windows or SQL authentication. Only the AA and Indexer have access. Internet user does not talk to those databases.
• PVMyrs can be encrypted, and are only available through AA, never directly.
• All searches and changes in the system are logged