» Home » Tornado CMS » Website Hosting » Request Information » Contact Us  
      CMS OVERVIEW
   CMS Introduction
   Content Separation
   Design Templates
   Databases
   Security
   Multi-User Authoring
   Workflow processes
   Modular Components
   Data Backup
   Statistics
   Special Features
   3rd party Technology

1.4: Security

SSL Certificates - A website can have a CA (Certificate Authority) issued certificate that allows for connections over a secure connection. All data sent and received by the site is encrypted before transmission, and only the appropriate user can decrypt that data. This eliminates the possibility of a hacker gaining access to private data by intercepting the data whilst it is being transmitted.

Access Level Restrictions - Access to all areas of a CMS controlled site can be limited to a specific access level. This allows for the protection of all important areas from access by those with insufficient levels to view the pages (such as the administration section).

Group Access - Access to specific areas can also be controlled by user groups. This allows for group rights to be granted to a user, effectively giving them access to all areas others of that group can access, provided they also have a sufficient access level as well.

Session Tracking - Viewers of a website can be tracked by the use of sessions. Each new visitor to a site is assigned a unique ID that can be accessed on each new page, and allows for the identification of a specific user as they navigate through the pages of a site. This allows for a user to log into their account and gain access to restricted pages based on their access levels and groups. Session tracking is also a vital part of any e-commerce basket system.

Cookie Based Tracking - The use of cookies (small data-files stored on a browser’s machine) allows the user to be identified as each new page view sends the cookie data back to the website. By storing only the session ID in this cookie file, the risk of hacking is greatly reduced.

Query String Based Tracking - By including the session ID on the query string (the part of any URL that follows the ?[question mark] symbol) the CMS can determine the current session for a page view by this unique ID. This method can be employed when a browser has cookies disabled. All links on a page would also include the session ID as part of a query string to allow for the tracking of the user as they navigate the site.

IP Confirmation - The IP address of most users can be accessed by the CMS, and if it is a different IP from the previous access by that user, they can be automatically logged out. This means that should someone attempt to access the site by specifying a URL with an attached query string ID, they will not gain access due to differing IP addresses. Additional information can be checked in a similar fashion to further increase the security of a site.

Security Certificates - For the truly secure site, individual encrypted certificates can be issued to each author, and those certificates are then checked whenever that author views a site. If the certificate isn’t found the author is denied access; this means that only the machine that has the certificate installed can access the restricted areas of the site. The certificates are encrypted in the same manner as SSL connection certificates, a proven method of secure communications.

« Previous Page - Next Page »

 

LINUX hosting
Our LINUX hosting plans are ideal for anyone who needs an online presence - individual or business. We offer generous space allocation and unparalleled uptime. We use only high performance servers and connections, to ensure that your sites are delivered to your visitors FAST. » More info

Windows 2000 hosting
Our Windows plans are ideal for anyone who needs a site that supports ASP, Access, SQL2000 or ColdFusion. Win2000 hosting plans are configured for flexibility - we can provide you with just what you require.
» More info
 Copyright © 2001 - 2005 Tornado Limited.   Online Privacy Practices
Powered by TORNADO CMS