Appeon Web - security
Posted by Carmina Garcia on 25 October 2011 06:53 PM
First of all, keep in mind that the web application’s overall security does not rely on Appeon alone. Appeon’s security is a secondary security. The web application is originally a PowerBuilder application, and the client/server developer should take security into consideration during programming. Appeon has done a lot of work to secure data transfer on the Web, and customers use Appeon together with other security mechanisms to keep data safe on the Web. Below is a general introduction to how Appeon secures the application and data.

1. All data transferred between the Appeon client and Appeon Server is dually encrypted. It is first binary encrypted and then 128-bit encrypted.
2. Both the Appeon client and Appeon Server first validate the data to ensure that the data or request comes from Appeon Server or the Appeon client. Every request or piece of data sent by Appeon is labeled with an identifier that can only be recognized in Appeon. The identifier is also encrypted.
3. All requests sent from the Appeon client side can be transferred over HTTP, and the information between the Appeon client and Appeon Server is transferred as an encrypted data stream.
4. Strong Web security: Appeon supports the leading Web security standards and measures to ensure that all data transmissions are safe, secure, and authentic.
5. Appeon Web applications are compatible with all corporate firewalls, since Appeon communicates using HTTP over port 80 and only Web documents pass through the firewall (e.g. .HTML, .XML, .JS files).
6. Except for the ActiveX control used by Appeon Xcelerator deployment, which contains a signed certificate, all files are implemented using only HTML, JavaScript, and XML. Appeon’s built-in multilevel deployment security and application security ensure that unauthorized developers cannot deploy files to the server, and that unauthorized users cannot access the system even when it is deployed to many different users over public networks (Internet).
7. Deployment security can be applied to an Appeon Server by configuring a setting in the AEM (Appeon Enterprise Manager). This feature helps safeguard the server from unauthorized application deployment.
8. Most existing PowerBuilder application security measures are automatically replicated in the Appeon Web application. This includes features such as specifying privileges for accessing particular menus, windows, functionalities within windows, and even DataWindow data (columns).
9. Appeon adds a second layer of application-level security on top of the existing PowerBuilder application security. Application-level security authenticates users based on logon credentials (e.g. username/password and IP address) before allowing the user to log on to the application. User access can be managed using an LDAP server or Appeon’s own built-in system.
10. Session timeouts can be applied to all Appeon Web applications by configuring a setting in the AEM. This feature helps safeguard the application from unauthorized access when authorized users have stepped away momentarily or forgotten to log out of the system.