BWS Security

Beotela has put great effort into building into Beotela Web Studio the maximum security needed for a web-based content management system. The standard built-in security applies to all Beotela Web Studio 5.0 versions.

Within BWS Professional, Enterprise and Community, security is extended with the BWS Approval System module. BWS Authorization uses the four-eyes approval principle before any change takes effect on the website. BWS Approval System stores the edited web page files in a separate location for final approval. An appointed BWS administrator receives an email notification whenever a file has been edited, in order to review the applied changes. The use of BWS Authorization is optional, although it is part of the BWS Core functionalities.

All modules in BWS require user authorization before granting access to the back-end interface. The authorization is kept in a cookie, which is valid for the lifetime of the session. The data for local users is encrypted (using an MD5 hash algorithm) and stored in the BWS_Config/Xml folder, which is inaccessible to anonymous users. The back end of every BWS version has three access levels:

     User
     Administrator
     Super Administrator

By default, every newly registered normal user has read-only permissions. Administrators set a user's additional permissions per file/folder. Files usually inherit the access permissions of the folder in which they are located. Administrators also set the user's access permissions for each BWS module.

Only Administrators can edit local Users’ and Administrators’ data. BWS users have permission to edit other users' data only if they are at the same or a higher access level. Thus, for example, Administrators can edit the personal info of Normal users and Administrators, but cannot access the profiles of Super Administrators.

If the site running BWS contains files with the Read Only attribute (NTFS), they can be modified only by Super Administrators.

BWS creates log files for every successful login to the system and keeps track of the exact time of entering/exiting the system as well as information on the performed actions.

BWS provides multiple file upload functionality to BWS Users and Administrators. It can be used according to the file/folder access permissions the user has. Normal users cannot overwrite files to which they do not have access permissions, or files with the Read Only attribute set on the server’s file system. Only Super Administrators can overwrite read-only files.

BWS does not allow BWS Users to upload potentially dangerous files (applications, libraries, server scripts, etc.). The allowed file types for upload are:

     application/java 
     text/x-component 
     application/x-shockwave-flash 
     application/x-zip-compressed 
     text/css 
     image/jpeg 
     image/gif 
     text/plain 
     text/html 
     application/msword 
     text/richtext 
     application/vnd.ms-excel 
     text/xml 
     application/msaccess 
     image/pjpeg 
     image/x-png 
     application/pdf

BWS does not allow BWS Users to upload files with certain extensions. These files may contain scripts that can be potentially dangerous for the server. The forbidden extensions are:

     .exe 
     .bat 
     .vbs 
     .asp 
     .aspx 
     .com 
     .php 
     .php3 
     .php4 
     .cfm 
     .jsp 
     .dll

Renaming files to names with the listed extensions is also not allowed. The purpose of this restriction is to prevent the creation of potentially harmful server scripts by including them in “harmless” file types: .html, .txt, etc.
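The following Python example is added here for illustration and is not BWS code. It applies the two lists above to an upload and to a rename. The function names, the name normalization, and the choice to test every dot-separated segment of the name (stricter than checking only the final extension) are assumptions of this example.

```python
# Lists copied from this page.
ALLOWED_TYPES = {
    "application/java", "text/x-component", "application/x-shockwave-flash",
    "application/x-zip-compressed", "text/css", "image/jpeg", "image/gif",
    "text/plain", "text/html", "application/msword", "text/richtext",
    "application/vnd.ms-excel", "text/xml", "application/msaccess",
    "image/pjpeg", "image/x-png", "application/pdf",
}
FORBIDDEN_EXTS = {".exe", ".bat", ".vbs", ".asp", ".aspx", ".com",
                  ".php", ".php3", ".php4", ".cfm", ".jsp", ".dll"}


def normalize_name(name):
    """Reduce a client-supplied name to the form a Windows server would store."""
    # Keep only the last path component, whichever separator the client used.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # NTFS names are case-insensitive and Win32 drops trailing dots and spaces.
    return base.rstrip(". ").lower()


def forbidden_extension(name):
    """Return the first forbidden extension in any name segment, else None."""
    base = normalize_name(name)
    for segment in base.split(".")[1:]:
        ext = "." + segment.strip()
        if ext in FORBIDDEN_EXTS:
            return ext
    return None


def check_upload(name, content_type):
    """Return (allowed, reason) for an upload, using both lists."""
    # Drop parameters such as "; charset=utf-8" before comparing.
    mime = content_type.split(";", 1)[0].strip().lower()
    if mime not in ALLOWED_TYPES:
        return False, "type not allowed: " + mime
    ext = forbidden_extension(name)
    if ext:
        return False, "forbidden extension: " + ext
    return True, "ok"


def check_rename(old_name, new_name):
    """A rename target must pass the same extension test as an upload."""
    ext = forbidden_extension(new_name)
    return (ext is None, ext or "ok")
```

The declared content type is a value supplied by the client, so the type list acts as a filter on what is submitted; the extension test on the normalized name is what decides how the server will treat the stored file.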

Even if a user has edited a file and unknown, potentially dangerous pieces of server code (ASP scripts) have somehow appeared in the file, BWS automatically rejects the changes and does not save them.

BWS allows the actualization of predefined (installed by the system) script files. Every time an attempt to enable such scripts is made, an analysis is performed and the system refuses to save a file containing unauthorized scripts.

For secure page editing, BWS is built so that Administrators can edit the whole contents of the page and can create editable areas for editing by Normal Users through IE and/or i-Mode browser-enabled devices. Normal users can only edit the content inside those editable areas.

A detailed review of the application's security is available upon request.

© Copyright 2000-2008 Beotela Ltd.