HostCMS Security

Safety Features

The management system uses expanded methods of safety:

• A Single Authorization System and access rights monitoring at the core level of system.
• HTTPS access (SSL/TLS) protocol.
• Session Time Limits is applied to users of backend and users of the websites.
• IP Session Binding excludes use of session in case of interception of its identifier by an intruder.
• Storage of sessions in a database excludes obtaining the session from a shared directory of session storage on a shared hosting.
• Passwords storage in a hash-code¹ excludes recovery of the password in the original form.
• Backend Logging events, actions and errors of management system.
• Minimum Password Length of backend user is 9 characters.

Backend Users Rights

In management system a mandatory safety policy is applied, in which access rights to system sections are granted to user groups.

The user group has two levels of rights:

1. access rights to modules;
2. access rights to actions of the forms (for example, action "Delete" the form "Information Systems") containing in modules.

Superusers (users with a flag "Privileged") have the maximum rights and access to all actions of all sites supported by the copy of the management system.

The user with the attribute "Access only to items created by user" has the right of actions only over those elements which he created himself or over the elements which don't have an owner. The "Access only to items created by user" attribute doesn't affect privileged users.

Access rights to modules allow to differentiate control of modules of each site. For example, site editors don't have to have access to the section "Sample Dynamic Pages" or "SQL queries".

Access rights to actions allow to carry out fine setup of rights for execution of actions of forms. The administrator has an opportunity to provide users access to all actions of the form both by means of the group operations "Allow All Actions" and "Forbid All Actions", and by means of detailed setup of rights.

¹Hash-code — it's the result of data transformation of random length in a line of fixed length in case of which change of input data leads to unpredictable change of output data. Single-digit compliance between basic data and a hash code is absent.