|
|
|
 We have instituted various security measures in our CMS. In order to provide SSL security while saving you money, we maintain a separate secure page password gateway, which redirects sensitive client and site visitor information to our SSL encrypted page. This means you get the benefit of SSL protection for your client's sensitive information, without paying for an SSL certificate for each site, and without being required to have a static dedicated IP address.
URL ENCRYPTION
We are also aware that URLs passed via HTTP can be hijacked. To prevent this from occurring, we have developed a URL encryption algorithm which allows the visitor to use the secure page URL only once. In the event that a hacker tries to follow that same link, the link won't work.
DATABASE ENCRYPTION
We are also aware that employees of service providers or hosting companies may have access to data stored in your clients' databases. For this reason, we've developed our own encryption algorithm, which masks the sensitive financial data of site owners and visitors.
XSS OR CROSS SITE SCRIPTING INJECTION PREVENTION
Any time you allow members to add data to a site, you are making your site vulnerable to hackers by letting them use javascript to redirect visitors to a rogue site. We have placed a script to translate some of the javascript characters, which will prevent successful rerouting.
PREVENTION OF SQL INJECTION
Because any CMS is database intensive, a knowledgeable hacker will sometimes attempt to inject malicious SQL coding to alter or delete database content. For this reason, we back up our database daily, and we instituted commonly practiced SQL injection prevention script.
FILE TYPE VALIDATION
For security reasons, we will not allow uploads of certain file types, such as.EXE,.PHP, and certain other file types not mentioned here.
ADDITIONAL SECURITY MEASURES
We've instituted even more security measures into our CMS which, for the sake of security, we won't discuss here.
|
|
|
|
|
|
