Security is a thorny issue when building web applications. With dbFront, we have taken and will continue to take this problem seriously, which is why we designed dbFront around the principle of defence in depth.
The following are some of the measures used to protect your data and network:
- The login interface lets users know if they are using an insecure connection. Administrators can secure the connection by installing an SSL certificate.
- All web requests are vetted to ensure that they are real and valid.
- The web application has no direct access to the database server and no special access to the data, and is intended to be installed in a DMZ.
- Security is handled by the application server, which is installed in your inner network, where it can safely access your database and verify user credentials.
- All queries are parameterized to prevent SQL injection.
- Support for Windows and Database authentication.
- Support for Database managed Table Security to ensure users can only access the tables they should.
- Row Level Security ensures users can only see and edit the data they should.
- Optional User Profiles to help identify the current user.
- Customizable User-Level Security for advanced functionality.
Secure Development Policy
We work with a Secure Development Policy that includes automated penetration testing. The same penetration testing is available to our clients so they can verify that their dbFront install is solid.
Future Security Plans
Knowing that attackers never rest, we are working on additional features such as:
- Client-side encryption (although imperfect, it will increase the difficulty of an attack),
- Vetting of client IP addresses against various blocklists,
- Active monitoring to trap abusive activity,
- Automatic Denial of Service (DoS) handling,
- and more...
dbFront offers a 30-day free trial so that you can download, install, and test it out in your environment. Please review the video tutorials and plan to start a free trial today. We believe you will be impressed.