Prints: 36" x 36" $250.00 |
DIPEx Security Security in the form of encryption, user management and permissions is extremely important to most of our customers, and has been included in the design and development of the DIPEx system from its earliest stages to the current production system. Access to the Web Services and Web GUI is only allowed over encrypted SSL http, so all communications with the system are encrypted. The Web Services all require an authenticated user, and the first screen presented to a Web GUI user is the login screen.
Web GUI Login Screen
Every asset tracked in the system has ownership, logging and permissions associated with it. The user that creates the object is the owner, and permissions are initially inherited from the parent asset, but can easily be changed via the permissions interface. Permissions are assigned to an asset by user group and users can belong to none or many groups. Each asset has the following permissions for each group: select, insert, update, delete, execute and grant. Select allows a group to view the asset and its attributes; if no select permission is granted, the asset will not appear in the tree. Additionally, for an asset to be visible the user must belong to a group that has select permission of the asset’s parent asset; this is very useful for completely hiding branches of the tree from groups of users. Insert, update and delete allow a group to modify the asset. Execute is a special case which applies to access to DIPEx image processing modules. Grant allows a group to assign or remove group permissions for the asset. Additionally permissions can be recursively applied or inherited to all assets in the branch of a tree, and if desired a user with grant permission can block permissions from inheriting from the parent.
Permissions Interface
Group Managment Interface
Users that belong to a group with select permission for an asset, but do not have other permissions for the asset are presented with a read-only version of the data. Menu items that would allow user to modify the asset are disabled. Also, the Web Service methods are disabled, so the permissions cannot be circumvented. Unprivileged User with Menu Items Disabled
Another critical piece of the security puzzle is logging. The DIPEx Web Services log every method call storing very detailed information about who, what and how the method is called. Any methods that make modifications to the database are further tracked in detail, down to the SQL statements run on the database. These log entries are stored in the registry database, and are easily mined with SQL queries for reporting on anything from security to usage statistics. Of course there are also the Web Server logs for more traditional tracking including the use of http log analysis tools.
|
|
|
