Security is a thorny issue when building web applications. With dbFront we have taken, and will continue to take, this problem seriously, which is why we designed dbFront with defence in depth in mind.
The following are some of the measures used to protect your data and network:
- The login interface clearly lets users know if they are using an insecure connection. Administrators can secure the connection by installing an SSL certificate.
- All web requests are vetted to ensure that they are real and valid.
- The web application has no direct access to the database server, no special access to the data and is intended to be installed in a DMZ.
- Security is handled by the application server which is installed in your inner network where it can safely access your database and verify user credentials.
- All queries are parameterized to prevent SQL injection.
- Support for Windows and Database authentication.
- Support for Database managed Table Security to ensure users can only access the tables they should.
- Row Level Security to ensure users can only see and edit the data they should.
Future Security Plans
Knowing that attackers never rest, we are working on additional features such as:
- Client-side encryption (although imperfect, it will increase the difficulty of an attack),
- Vetting of client IP addresses against various block lists,
- Active monitoring to trap abusive activity,
- Automatic Denial of Service (DoS) handling,
- and more...
dbFront offers a 30-day free trial so that you can download, install, and test it out in your environment. Please review the video tutorials and plan to start a free trial today. We believe you will be impressed.