security
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
security [2022/09/15 13:54] yves [Native file format handling] |
security [2023/11/21 16:02] (current) chris |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ===== Security ===== | ===== Security ===== | ||
| - | Even more important than file format and storage support, you want to make sure that your data are safe. Many solutions out there require your to take shortcuts around security, or force you to violate your own rules. | + | Even more important than file format and storage support, you want to make sure that your data are safe. Many solutions out there require you to take shortcuts around security, or force you to violate your own rules. |
| Pathomation was built with security in mind from the ground up. | Pathomation was built with security in mind from the ground up. | ||
| - | The following gives an impression of where PMA.core makes a difference: | + | Here's where PMA.core makes a difference: |
| ==== Database encryption and storage support ==== | ==== Database encryption and storage support ==== | ||
| - | All sensitive data are stored encrypted in PMA.core database, to prevent from any database dump vulnerabilities. This includes user passwords and access/secret keys for [[rootdir_s3|Amazon S3]] connections, connection strings for [[rootdir_azure|Azure Storage]] and any network credentials for UNC and FTP [[rootdir|root directories]]. | + | All sensitive data are stored encrypted in PMA.core database to prevent any database dump vulnerabilities. This includes user passwords and access/secret keys for [[rootdir_s3|Amazon S3]] connections, connection strings for [[rootdir_azure|Azure Storage]] and any network credentials for UNC and FTP [[rootdir|root directories]]. |
| - | In addition to the above database encryption, for extra security in Amazon S3 root directories, PMA.core can also assume the IAM Role of an EC2 instance if it is running on a properly configured [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html|EC2 instance]]. PMA.core also supports the use of S3 [[https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials_profiles.html|profile files]]. For this you can leave the access key and secret key empty and PMA.core will automatically try to authenticate via a [[rootdir_s3|default profile file or EC2 IAM Role.]] | + | In addition to the aforementioned database encryption, for extra security in Amazon S3 root directories, PMA.core can also assume the IAM Role of an EC2 instance if it is running on a properly configured [[https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html|EC2 instance]]. PMA.core also supports the use of S3 [[https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials_profiles.html|profile files]]. For this you can leave the access key and secret key empty and PMA.core will automatically try to authenticate via a [[rootdir_s3|default profile file or EC2 IAM Role.]] |
| ==== User authentication ==== | ==== User authentication ==== | ||
| Line 23: | Line 23: | ||
| === LDAP and LDAPS === | === LDAP and LDAPS === | ||
| - | PMA.core supports authentication via LDAP to facilitate on your existing Active Directory infrastructure. Users can login and use PMA.core with their existing credentials. This eliminates the need to create new users/passwords and the required extra management for administrators, reducing the time and cost needed to manage PMA.core and the risk of any system compromise. Also any updates on the LDAP side, like updating user passwords, creating or deleting users, are automatically propagated to PMA.core. | + | PMA.core supports authentication via LDAP to facilitate on your existing Active Directory infrastructure. Users can login and use PMA.core with their existing credentials. This eliminates the need to create new users/passwords and the required extra management for administrators, reducing the time and cost needed to manage PMA.core and the risk of any system compromise. Additionally, any updates on the LDAP side, like updating user passwords, creating or deleting users, are automatically propagated to PMA.core. |
| - | For enhanced security, if your infrastructure supports it, PMA.core can use LDAPS. | + | For enhanced security, if your infrastructure supports it, [[what_s_new_in_version_3.0.1|PMA.core 3.0.1 and higher]] can use LDAPS. |
| === OAuth 2.0 === | === OAuth 2.0 === | ||
| Line 34: | Line 34: | ||
| ==== Audit trailing ==== | ==== Audit trailing ==== | ||
| - | PMA.core audits all changes made by its users via its [[audit_trailing|audit trailing]] system. This gives administators and managers quick insight of all the changes made to PMA.core, and the ability to identify any potential misconfiguration of the system, or any other erroneous changes. | + | PMA.core audits all changes made by its users via its [[audit_trailing|audit trailing]] system. This gives administators and managers quick insight into all the changes made to PMA.core, and the ability to identify any potential misconfiguration of the system, or any other erroneous changes. |
security.1663239245.txt.gz ยท Last modified: 2022/09/15 13:54 by yves
