All databases are backed up and transferred off site nightly.
As part of the document storage process files have a SHA-1 (Secure Hash Algorithm 1) hash calculated and then the files are compressed and encrypted. The SHA-1 and the encryption keys are stored in the client's database. The compressed encrypted documents are stored on multiple file server nodes in the cluster. Each night the encrypted documents are replicated off site.
On 25.09.2014 a severe internet security alert was issued for many Linux/Mac systems. stSoftware immediately patched all our cloud hosted servers in response to this alert.
We advise individuals or organisations with Unix-based systems they will need to patch all internet facing Linux/Mac servers immediately.
See Severe Bash vulnerability affects Unix-based systems including Linux and Mac OSX for more information on how to manage this internet security issue.
We recommend internet users subscribe
The Heartbleed Bug is a recently discovered vulnerability in the OpenSSL cryptographic software library used by many of the world’s web servers to secure information using TLS. If the web site is vulnerable then a hacker could expose 64k of the server's memory without any trace in the server's logs. The server's memory exposed could include the server's private encryption key or other information such as usernames and passwords.
Industry standard best practice for passwords for both the web server and Linux machines. Site designers do not have direct access to the underlying Linux server, the raw database or files. All changes are done within sandbox of the system.
Users may access all allowed data via the Web Forms or via Industry standard protocols such as:
All requests for data or modification to data goes via the DAL ( Data Access Layer) no matter which protocol is used. There is NO direct access to the underlying data store. The DAL checks the ACLs ( Access Control Limits ) for each data request and performs all validations on each data modification. When data is modified