Security

Even more important than file format and storage support, you want to make sure that your data are safe. Many solutions out there require you to take shortcuts around security, or force you to violate your own rules.

Pathomation was built with security in mind from the ground up.

The following gives an impression of where PMA.core makes a difference:

Database encryption and storage support

All sensitive data are stored encrypted in the PMA.core database, to protect against database dump vulnerabilities. This includes user passwords, access/secret keys for Amazon S3 connections, connection strings for Azure Storage, and any network credentials for UNC and FTP root directories.

In addition to the above database encryption, for extra security in Amazon S3 root directories, PMA.core can also assume the IAM Role of an EC2 instance if it is running on a properly configured EC2 instance. PMA.core also supports the use of S3 profile files. To use either option, leave the access key and secret key empty, and PMA.core will automatically try to authenticate via a default profile file or the EC2 IAM Role.

User authentication

PMA.core supports 3 types of user authentication:

  • Internal PMA.core authentication
  • LDAP/LDAPS authentication
  • OAuth 2.0 authentication

Internal PMA.core authentication

PMA.core's internal authentication system supports database encryption as described in the previous paragraph.

LDAP and LDAPS

PMA.core supports authentication via LDAP so that you can build on your existing Active Directory infrastructure. Users can log in and use PMA.core with their existing credentials. This eliminates the need to create new users/passwords and the extra management that would require from administrators, reducing the time and cost needed to manage PMA.core and the risk of any system compromise. Any updates on the LDAP side, like updating user passwords or creating or deleting users, are also automatically propagated to PMA.core.

For enhanced security, if your infrastructure supports it, PMA.core 3.0.1 and higher can use LDAPS.

OAuth 2.0

PMA.core can authenticate users through a configured external OAuth provider like Keycloak, IdentityServer etc. Users can log in and use PMA.core with their existing credentials. This eliminates the need to create new users/passwords and the extra management that would require from administrators, reducing the time and cost needed to manage PMA.core and the risk of any system compromise.

Native file format handling

PMA.core supports over 40 different file formats, and most of them are natively implemented without the use of any external libraries/SDKs. This significantly reduces the risk of any potential vulnerabilities in PMA.core, even in the future.

Audit trailing

PMA.core audits all changes made by its users via its audit trailing system. This gives administrators and managers quick insight into all the changes made to PMA.core, and the ability to identify any potential misconfiguration of the system, or any other erroneous changes.

security.txt · Last modified: 2022/10/07 10:23 by yves