The system security requirements are as follows:
Password Protection and Session Management Security
INFOGATE is always password protected and supported by a strong session management layer within the application’s core architecture. This ensures that only valid users with valid session can access the application.
Additional authentication through security questions management enhances further the security of the user login into the system. The security question must be answered by the user before they can login in if the security feature is activated.
SQL Injection Security
This application has been carefully designed and tested to prevent any form of SQL injection attack from hackers. This is done by using PHP scripts. Therefore, any hackers are prevented from creating some SQL scripting to write directly onto MySQL database.
SSL Connection Security
The application supports use of SSL (HTTPS) connection transparently just as it supports the normal HTTP connection. This SSL connection is fully encrypted by means of a SSL certificate certified by any recognized Certificate Authority (CA) such as Verisign or MSC Trustgate. When the application has an encrypted communication channel, sensitive data can be protected between the client and server.
Role Based Access Control Security
The application permission model allows for flexible manipulation of users’ role in managing different content and modules of the application. The system administrator/web administrator manages the account for each user’s role and access type. Each role and access type assigned must be based on privilege to specific content and module of the application.
Logging and Audit Trail Security
All accesses and changes to the application are logged and audit trail report is provided from the application itself. This provides a form of security audit for the system administrator/web administrator to perform proper investigation on the application. In addition to audit trail, a transaction log is also being created when a transaction has occurred through internal and external interface connectivity.
The system supports the following integration using other message formatting supported by the portal for future integration will be in the form of XML, Flat File, ASCII format and via web service. The solution shall also support batch data import, integration API and file upload.