Author Topic: Workspace Security?  (Read 3914 times)

editfish

  • Jr. Member
  • **
  • Posts: 66
    • View Profile
Workspace Security?
« on: September 18, 2008, 01:34:00 am »
I like the 'Properties' option with each added item, particularly with regards to the Weblinks.  I have been interested in using these to track various logins and passwords to the associated sites (not sharing the workspace with other users).

How secure is this with regards to the filesystem and/or MySQL?

Thus far I have been using mnemonics to enter the passwords (ie. 'reg+phone' or 'reg+reg+DOB'), but I am curious just how far this can be utilized securely?  Or am I completely misunderstanding the usage of this dashboard option?

Thanks!

cabeza

  • Administrator
  • Hero Member
  • *****
  • Posts: 1004
    • View Profile
    • Feng Office
Re: Workspace Security?
« Reply #1 on: September 18, 2008, 08:21:28 pm »
Hi editfish,
 properties are there for any particular use, completely multi-purpose. It is  simply metadata associated to an object. This metadata is only visible to users that can access the object itself. So the use you are giving to them sounds great.
Regarding security ... data is stored in a MySQL Server ... and the rest depends on you server configuration, permissions, etc.
Thanks,
Marcos

conrado

  • Administrator
  • Hero Member
  • *****
  • Posts: 998
  • Conrado
    • View Profile
    • Feng Office
    • Email
Re: Workspace Security?
« Reply #2 on: September 19, 2008, 11:15:16 am »
I would say you can trust it as much as you trust the people/company that can access that server with an admin -root- access level.
Get Official Support for your Feng Office. Support the development team. Sign up for a Free Trial here.

editfish

  • Jr. Member
  • **
  • Posts: 66
    • View Profile
Re: Workspace Security?
« Reply #3 on: March 02, 2011, 11:57:22 am »
OK, so it's been a while since I started this thread, and have since moved my install to a SSL server, which, as I understand it, encrypts transmitted information (sent or received), but you are saying that the info in the database itself is NOT encrypted?

Are there any plans to encrypt some or all of the database, or will we always be dependent on the admins to not snoop through it?   ::)

This issue was brought back to my attention through the use of a small app (PHPChain) built specifically for storing encrypted passwords, and it would be great if it (or something similar) could be incorporated into Feng.

* PHPCHain - http://www.globalmegacorp.org/PHPChain/


franponce87

  • Administrator
  • Hero Member
  • *****
  • Posts: 1819
    • View Profile
    • Email
Re: Workspace Security?
« Reply #4 on: March 03, 2011, 11:30:20 pm »
For the time being, yes, the information does not get encrypted when being written into the database, except for the passwords.

Best regards,
Francisco
Would you like to install Feng Office Professional or Enterprise Edition in your servers? No problem! Read this article!

editfish

  • Jr. Member
  • **
  • Posts: 66
    • View Profile
Re: Workspace Security?
« Reply #5 on: March 03, 2011, 11:56:01 pm »
Since there is already an encryption algorithm in place (for the passwords), how difficult would it be to expand it to include the 'custom properties' (custom data fields) added to object types through the administration panel?

(See attached mockup of what it might look like)