12/13/2024 11:52:37 AM
ParsPortal
Pars Support Security
SSO:
With the system's SSO feature, there is no need to create multiple usernames/accounts for one person. With a single username and password, each person can use one or all of the integrated Pars Data software products, which are located on independent servers and domains.
Sites Join
To manage more than one site, a unique feature has been designed (one with no equivalent in any comparable domestic or foreign product) that creates a one-way or two-way connection between sites (at the administrator's choice, and changeable at any time) and provides centralized management of all sites at the same time. It blocks users' access to sites that are not connected to the main site.
SHA-2 (SHA-256 and SHA-512):
For one-way hashing of inputs when the security of the hashed data has the highest priority and processing speed has lower priority.
MD5:
For one-way hashing of inputs, used when data processing speed has higher priority than the security of the hashed data.
AES:
For symmetric encryption with the Rijndael algorithm; in other words, encrypting and decrypting data when the variable length of the retrieved data is not important. In addition to its use in the BLL layer, this algorithm is also used in the DAL and SQL layers, taking advantage of the facilities developed in SQL 2008.
DES:
3DES (Triple DES) is used for symmetric encryption when performance has lower priority.
SQL Function Encryption:
One-way encryption of all functions used in SQL.
SQL Schema:
Schemas are used, in line with the standard, for all objects in SQL (for example stored procedures, defined functions, table functions, etc.) to increase the security of function execution.
SQL Injection:
Prevention of any type of SQL injection. This prevention is done in the DAL layer of the system.
XSS (Cross-site scripting):
Prevention of any type of script injection. Input is validated in two layers, UI and BLL. In addition, request validation at the UI layer is active across the whole system.
RFI (Remote File Inclusion):
Prevention of any type of RFI injection.
Objective Permission:
Pars Data treats every component of the Admin pages as an object, and the system administrator can determine, through the control panel, which objects in each section are accessible to which system administrators.
Role Permission:
When there is no object to control, for example when hiding some grid records from an administrator or a group of administrators, the Role Permissions available in the system can be used. For example, you may not want campaigns created by other administrators to be displayed to one administrator or a group of them.
Permission Planning:
When there is neither an object nor a predetermined role, you can use the sections of the system that support permission planning by creating an access plan for them. Currently, the page management section supports this ability. For example, you can create a page and determine its accessibility with an access plan (a level or set of levels, a group or set of groups, in combination with specific users).
SSL/TLS:
Both of these protocols are supported by the system.
IP Filtering:
This feature lets certain administrators enter only from IP addresses that have been defined for them. For example, if you have decided to enter the system only from your work or home, enter your home or work IP in the system. Or you may want to allow system administrators access only from within the firm/organization, while giving some specific administrators access from outside the organization.
Log Recording:
All user entries and exits, and their events, are registered in the system as logs, and with the use of filters (based on time, IP, user, type, etc.) they are easily visible to system administrators. Log retrieval has been designed and tested using indexing so that fetching the desired events, even among millions of records, is done within a few seconds.
Session Encryption:
It prevents session replacement. Pars Data encrypts all sessions with a symmetric method from the time of creation to expiry. Thus there is no chance of sessions being changed or forged under any circumstances.
Form Method
In cases like Ajax, where information must be sent from the client to the server, Pars Data always uses the POST method instead of the GET method. The reason is clear: with the GET method, data is sent to the server as part of the URL. That means the sent information can easily be viewed in the user's browser, in firewalls, in proxy servers (like squid) and on the web server (saved in raw logs), whereas with the POST method the sent information is not visible in any of these interfaces.
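An added example, not Pars Data code: a small Python check that scans web server access-log lines for requests carrying sensitive parameters in the URL, which is the exposure described above, and masks their values. The log lines, paths and the list of parameter names are constructed assumptions; note that a POST request still leaks if data is placed in its query string.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names treated as sensitive (assumed list; tune for the application).
SENSITIVE = {"password", "passwd", "pwd", "token", "sessionid", "apikey"}

# Request field of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Matches "?name=value" or "&name=value" for any sensitive name.
REDACT_RE = re.compile(
    r'([?&](?:' + "|".join(map(re.escape, sorted(SENSITIVE))) + r')=)[^&\s"]*',
    re.IGNORECASE,
)

def find_url_leaks(log_lines):
    """Return (line_no, method, path, names) for requests whose URL
    carries sensitive parameters, regardless of HTTP method."""
    findings = []
    for line_no, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        parts = urlsplit(match.group("target"))
        params = parse_qsl(parts.query, keep_blank_values=True)
        names = sorted({k for k, _ in params if k.lower() in SENSITIVE})
        if names:
            findings.append((line_no, match.group("method"), parts.path, names))
    return findings

def redact(line):
    """Mask sensitive parameter values before a log line is stored or shared."""
    return REDACT_RE.sub(r"\1[REDACTED]", line)

# Constructed sample log (documentation IP range, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /ajax/login.aspx?user=alice&password=S3cret%21 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "POST /ajax/login.aspx HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /news.aspx?page=2 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2024:10:02:00 +0000] "POST /ajax/save.aspx?token=abc123 HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    for finding in find_url_leaks(SAMPLE_LOG):
        print(finding)
    print(redact(SAMPLE_LOG[0]))
```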
System files
These files are kept in a directory branch above WWW to prevent the required files from being downloaded.
Write Access permission
Running the software does not require granting Write access to any part (such as folders within WWW or above it). The software operates only under the ASPNET user associated with that site.