AlchemyWorks


AlchemyWorks Project Security

AlchemyWorks Security Policy

Security is paramount for online systems. AlchemyWorks regularly review systems, current threats and best practices for secure operations. Methodologies include, but are not limited to;

SSL - Systems are accessed via encrypted SSL connections, ensuring server identity and protection from man-in-the-middle attacks. AlchemyWorks software will refuse to operate unless a valid SSL connection is present.

Passwords - Each user is allocated a unique ID and password which can only be used for one concurrent service connection. Password strength can be determined by the administrator, relevant to a particular clearance level, and is stored as a salted SHA256 hash. Passwords are never sent across email, and reset is by means of a randomly generated time limited token.

Cookies - Session cookies consist only of random data and contain no user or identification information. They are also regularly rotated during activity and are normally deleted at end of a browser session. It is possible to store a user cookie that contains the account domain and user name for ease of login, however this should not be enabled on any shared or public computer.

Encryption - The document management system individually encrypts all documents, and they are stored separately from the main database.

Secure Environment - Servers are in a physically secure environment, with access protected by firewall. Support and administration systems cannot be accessed directly across the Internet.

Intrusion Detection - Systems actively monitor and log common vectors of attack for analysis and investigation.

Home Page Features Free Trial

Copyright © 2017 AlchemyWorks - All Rights Reserved. [Terms] [Cookies] [Privacy] [Security] [Sitemap]