stSoftware systems are designed to meet or exceeds all aspects of the Australian Government Protective Security Policy Framework PSPF. At stSoftware, we take security very seriously. Our servers are locked down to be accessed only via secure shell and from specific IP addresses and are constantly monitored. There is no direct access by developers or business users to the underlying system. All changes by site developers are kept within a sandbox to only ever allow changes that are validated and prevent direct access to the underlying machines.
Best practice network design for a fully redundant, fault tolerant stSoftware server cluster has:-
All Linux servers are locked down to the highest security standards possible. All services are off by default and all ports shut. Only the required services started.
The system administrator can configure the system password options to find the correct balance between convenience and security. The password and login options can be configured at the user level also.
All protocols access the underlying data through the DAL (data access layer). There is NO direct access to the underlying data store no matter which protocol is used. Each protocol accepts the request to read or write data and then perform the protocols validations and then passes the request on to the DAL to execute the request which in turn validates the request, checks the user's access and perform any validations before returning the result.
Standard SQL injection and Cross Site Script attacks are performed on each component as part of normal nightly unit testing.