===== Security =====

Even more important than file format and storage support, you want to make sure that your data are safe. Many solutions out there require you to take shortcuts around security, or force you to violate your own rules. Pathomation was built with security in mind from the ground up. The following gives an impression of where PMA.core makes a difference:

==== Database encryption and storage support ====

All sensitive data are stored encrypted in the PMA.core database, to protect against exposure through a database dump. This includes user passwords and access/secret keys for [[rootdir_s3|Amazon S3]] connections, connection strings for [[rootdir_azure|Azure Storage]] and any network credentials for UNC and FTP [[rootdir|root directories]].

In addition to the above database encryption, for extra security in Amazon S3 root directories, PMA.core can also assume the IAM Role of an EC2 instance if it is running on a properly configured [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html|EC2 instance]]. PMA.core also supports the use of S3 [[https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials_profiles.html|profile files]]. For this you can leave the access key and secret key empty and PMA.core will automatically try to authenticate via a [[rootdir_s3|default profile file or EC2 IAM Role.]]

==== User authentication ====

PMA.core supports 3 types of user authentication:

  * Internal PMA.core authentication
  * LDAP/LDAPS authentication
  * OAuth 2.0 authentication

=== Internal PMA.core authentication ===

PMA.core's internal authentication system supports database encryption as described in the [[security#Database encryption and storage support|previous paragraph]].

=== LDAP and LDAPS ===

PMA.core supports authentication via LDAP so that it can integrate with your existing Active Directory infrastructure. Users can log in and use PMA.core with their existing credentials. This eliminates the need to create new users/passwords and the required extra management for administrators, reducing the time and cost needed to manage PMA.core and the risk of any system compromise. Any updates on the LDAP side, such as updating user passwords or creating or deleting users, are also automatically propagated to PMA.core.

For enhanced security, if your infrastructure supports it, [[what_s_new_in_version_3.0.1|PMA.core 3.0.1 and higher]] can use LDAPS.

=== OAuth 2.0 ===

PMA.core can authenticate users over a configured external OAuth provider such as Keycloak, IdentityServer, etc. Users can log in and use PMA.core with their existing credentials. This eliminates the need to create new users/passwords and the required extra management for administrators, reducing the time and cost needed to manage PMA.core and the risk of any system compromise.

==== Native file format handling ====

PMA.core supports over 40 different [[supported_file_formats|file formats]], and most of them are natively implemented without the use of any external libraries or SDKs. This significantly reduces the risk of potential vulnerabilities in PMA.core, now and in the future.

==== Audit trailing ====

PMA.core audits all changes made by its users via its [[audit_trailing|audit trailing]] system. This gives administrators and managers quick insight into all the changes made to PMA.core, and the ability to identify any potential misconfiguration of the system, or any other erroneous changes.