Differences

This shows you the differences between two versions of the page.

security [2020_05_27 16:44]
steven
security [2020_05_28 12:06]
jim [2 Encrypted Data in Motion]
Line 1: Line 1:
  
 ====== Security ====== ====== Security ======
 +== Updated on May 27, 2020 ==
  
 SME provides a SaaS and hybrid on-premises multi-cloud content management solution called the Enterprise File Fabric. ​ This provides unique federation, governance and data management features. This section of the Wiki outlines the security that is inherent within the SME hosted and on-premises versions of the File Fabric. SME provides a SaaS and hybrid on-premises multi-cloud content management solution called the Enterprise File Fabric. ​ This provides unique federation, governance and data management features. This section of the Wiki outlines the security that is inherent within the SME hosted and on-premises versions of the File Fabric.
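
Review bot: the added line "== Updated on May 27, 2020 ==" carries a date one day earlier than the revision that introduces it (2020_05_28 12:06), and a hand-maintained date under the title will drift further with each edit. Either correct it to the date of this change or drop it and rely on the wiki's revision history, which already records when and by whom the page was changed.
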
Line 18: Line 19:
 ===== 2 Encrypted Data in Motion ===== ===== 2 Encrypted Data in Motion =====
  
-HTTPS is configured by default for all users of the Cloud File Server SaaS users and Appliance.+HTTPS is configured by default for all users of the hosted version of the File Fabric ​and the Enterprise edition of the File Fabric.
  
 A commercial server that uses HTTPS must have a public key certificate issued that verifies the entity. The end-user can verify the entity by clicking on the HTTPS icon from the browser. A commercial server that uses HTTPS must have a public key certificate issued that verifies the entity. The end-user can verify the entity by clicking on the HTTPS icon from the browser.
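
Review bot: the reworded sentence still says only that HTTPS is "configured by default", without stating what happens to a plain HTTP request, and it introduces "Enterprise edition" where the introduction speaks of the "hosted and on-premises versions". Use one set of product names throughout the page, and state whether HTTP is redirected or refused and who supplies the certificate for an on-premises install.
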
Line 27: Line 28:
  
 [[https://​www.ssllabs.com/​ssltest/​analyze.html?​d=storagemadeeasy.com|Check out]] our online sites using [[https://​www.ssllabs.com/​index.html|Qualys SSL Labs site check]]. [[https://​www.ssllabs.com/​ssltest/​analyze.html?​d=storagemadeeasy.com|Check out]] our online sites using [[https://​www.ssllabs.com/​index.html|Qualys SSL Labs site check]].
 +
 +{{::​screenshot_2020-05-28_at_13.01.52.png?​600|}}
  
 ===== 3 Encryption Algorithm ===== ===== 3 Encryption Algorithm =====
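
Review bot: the embedded screenshot has an empty caption (the markup ends in "?600|}}") and is a point-in-time capture of a result that the link on the preceding line already produces live. Add a caption stating what the image shows and the date of the scan, so a reader can tell how old the result is and compare it with a fresh run of the linked check.
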
Line 121: Line 124:
 We follow best practices in developing secure software, as mandated by GDPR, protecting for example against injection attacks, cross-site request forgery and session hijacking. We perform a third-party vulnerability code scan for each release. We follow best practices in developing secure software, as mandated by GDPR, protecting for example against injection attacks, cross-site request forgery and session hijacking. We perform a third-party vulnerability code scan for each release.
  
-The following ​cookies are used. <​site>​ is the subdomain ​of your instance. +These are the formats of the cookies are used. <​site>​ is the unqualified hostname ​of the web addressThe unqualified hostname ​of %%https://files.example.com%% is files.
- +
- * PHPSESSID - Unique ID of session. RetentionSession +
- +
- * site__just_logged_in - Start page logicRetention: 1 year +
- +
- * autologin - token for remember me featureRetention: 14 days+
  
- * site__various - Remembers settings between sessions such as what folders and panels are collapsed, and the last sort order. ​ ​Retention: ​1 year+^ Cookie ^ Type ^ What for ^ Retention ^ 
 +| PHPSESSID | Functional | Unique ID of session | Session | 
 +| %%<​site>​__just_logged_in%% | Functional | Start page logic (0 or 1) | 1 year | 
 +| autologin | Functional | Token for remember me feature | 14 days | 
 +| %%<​site>​__<​various>​%% | Functional | Remembers settings between sessions such as what folders and panels are collapsed, and the last sort order. ​e.g. %%files__mainTree_openedFoldersKeys%% | 1 year |
  
 ===== 14 Cyber Essentials ===== ===== 14 Cyber Essentials =====
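
Review bot: the new table lists type, purpose and retention but not the cookie attributes (Secure, HttpOnly, SameSite) for PHPSESSID and autologin, which is what a reader needs in order to check the session hijacking and cross-site request forgery claims in the paragraph above it. Add a column for those attributes, and say for the 14-day autologin token whether it is invalidated on logout or password change. The lead sentence "These are the formats of the cookies are used." is ungrammatical, and a full stop is missing between "web address" and "The unqualified hostname".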