bhurban
Posts: 12
Posted: 07/22/2011, 12:00 AM
I got a project for a financial firm. They need security like banks' transaction security.
Is it possible for me to design the software in CCS and provide the complete secure system to the client, with an online transaction system or similar?
scarvello
Posts: 64
Posted: 07/22/2011, 3:54 AM
CCS uses a security model based on RBAC, role-based access control: http://en.wikipedia.org/wiki/Role-based_access_control.
You can define criteria for page access, CRUD criteria for the forms and also for groups of fields (by using panels).
Another issue to consider is network access security. In this case you must use SSL, which is fully supported by CCS.
No less important are data transactions and locking. For transactions you can use the features available in a relational DB. For example, you can write custom stored procedures using BEGIN/END TRANSACTION for atomic writes on multiple tables. CCS also fully supports stored procedure calls.
Data locking requires a specific design, but there are well-known patterns for data locking in stateless web applications. One is the
TIMESTAMP technique. An example is here: http://www.webcheatsheet.com/php/record_locking_in_web_...ons.php?print=Y
Needless to say, for a critical application it is essential to design a good data model, identifying the transactions, the users/groups, the data and transaction log, the application scenarios and the use cases. These aspects do not affect the programming but the analysis and design. Consequently, they do not fall within the objectives of a RAD tool like CCS.
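The two database points in the post above (an atomic multi-table write inside an explicit transaction, and the TIMESTAMP-style record-locking pattern for a stateless web app) can be shown together in one worked example. This is added example code, not from the original thread and not CCS-generated code. It assumes a constructed in-memory SQLite schema with two tables, and it uses an integer `version` column in place of a timestamp column: the check is the same (the UPDATE only matches if the row still carries the value the form was rendered with), but a counter cannot collide the way two edits within one clock tick can. SQLite has no stored procedures, so the BEGIN/COMMIT is driven from the application; on MySQL or SQL Server the same statements go inside the procedure the post describes.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample schema (an assumption, not the poster's data model)."""
    # isolation_level=None: the driver issues no implicit BEGIN, so the
    # transaction boundaries are exactly the BEGIN/COMMIT/ROLLBACK below.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("""CREATE TABLE accounts (
        id      INTEGER PRIMARY KEY,
        balance INTEGER NOT NULL CHECK (balance >= 0),
        version INTEGER NOT NULL DEFAULT 0)""")
    conn.execute("""CREATE TABLE transfer_log (
        id     INTEGER PRIMARY KEY AUTOINCREMENT,
        src    INTEGER NOT NULL,
        dst    INTEGER NOT NULL,
        amount INTEGER NOT NULL)""")
    conn.executemany("INSERT INTO accounts (id, balance) VALUES (?, ?)",
                     [(1, 100), (2, 50)])
    return conn


def read_account(conn, account_id):
    """Page load: fetch the row plus the version the form carries back in a hidden field."""
    row = conn.execute("SELECT balance, version FROM accounts WHERE id = ?",
                       (account_id,)).fetchone()
    return {"balance": row[0], "version": row[1]}


def transfer(conn, src, dst, amount, expected_version):
    """Form submit: debit src, credit dst and log it, all in one transaction.

    The debit only matches if the row still has the version the user saw, so a
    stale form (someone else changed the row in the meantime) updates nothing.
    Returns "ok", "stale", "insufficient_funds", "no_such_account" or "invalid".
    """
    if amount <= 0 or src == dst:
        return "invalid"
    conn.execute("BEGIN IMMEDIATE")  # take the write lock up front
    try:
        cur = conn.execute(
            "UPDATE accounts SET balance = balance - ?, version = version + 1 "
            "WHERE id = ? AND version = ? AND balance >= ?",
            (amount, src, expected_version, amount))
        if cur.rowcount != 1:
            conn.execute("ROLLBACK")
            row = conn.execute("SELECT version FROM accounts WHERE id = ?",
                               (src,)).fetchone()
            if row is None:
                return "no_such_account"
            return "stale" if row[0] != expected_version else "insufficient_funds"
        cur = conn.execute(
            "UPDATE accounts SET balance = balance + ?, version = version + 1 "
            "WHERE id = ?", (amount, dst))
        if cur.rowcount != 1:
            conn.execute("ROLLBACK")
            return "no_such_account"
        conn.execute("INSERT INTO transfer_log (src, dst, amount) VALUES (?, ?, ?)",
                     (src, dst, amount))
        conn.execute("COMMIT")
        return "ok"
    except Exception:
        if conn.in_transaction:
            conn.execute("ROLLBACK")  # nothing half-written survives an error
        raise


def lost_update_demo():
    """Two users edit the same account from forms loaded at the same moment."""
    conn = make_db()
    form_a = read_account(conn, 1)   # user A loads the page: version 0
    form_b = read_account(conn, 1)   # user B loads the same page: version 0
    r_a = transfer(conn, 1, 2, 30, form_a["version"])   # A submits first
    r_b = transfer(conn, 1, 2, 30, form_b["version"])   # B submits the stale form
    r_c = transfer(conn, 1, 2, 500, read_account(conn, 1)["version"])  # fresh, but too much
    balances = (read_account(conn, 1)["balance"], read_account(conn, 2)["balance"])
    logged = conn.execute("SELECT COUNT(*) FROM transfer_log").fetchone()[0]
    return r_a, r_b, r_c, balances, logged


if __name__ == "__main__":
    print(lost_update_demo())
```

The second submit is rejected as stale rather than silently overwriting A's change, which is the lost update the locking pattern exists to prevent; the rejected and the insufficient-funds attempts leave no row in `transfer_log` because the whole write is rolled back, not just the debit.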
datadoit
Posted: 07/22/2011, 5:41 AM
What he said. :)
CodeCharge is just your hammer. You still need architects, engineers and project managers to make sure what you construct fits your design.
CodeCharge does have built-in functions to aid in the security of your application, such as HTTPS redirects and data type validations (CCToSQL()).
scarvello
Posts: 64
Posted: 07/22/2011, 7:16 AM
In this PowerPoint presentation you will find security guidelines: http://lnx.eintranet.it/public/OWASP_Top_10_090708.pptx
Some items in the checklist on page 6, like SQL injection, are implemented and supported by CCS. Many others depend on the software architecture, IT infrastructure and software design.
More details: https://www.owasp.org
However, in general I think that CCS, in conjunction with the above, may be able to develop critical applications.
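Both of the last two posts point at SQL injection: datadoit names data type validation (CCToSQL()) as one of the built-in aids, and scarvello lists it among the OWASP Top 10 items CCS covers. The example below, added here and not code from the thread or from CCS, shows the defect that such validation exists for, with the vulnerable lookup beside its hardened form. The schema and the request parameter are constructed for the example; CCToSQL() itself is not used or described, since the thread does not say how it works.

```python
import sqlite3


def make_db():
    """Constructed sample table (an assumption, not the poster's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [(1, "alice", 100), (2, "bob", 50)])
    conn.commit()
    return conn


def lookup_vulnerable(conn, account_id):
    """Bad: the request parameter is pasted straight into the statement text."""
    sql = "SELECT owner, balance FROM accounts WHERE id = " + str(account_id)
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, account_id):
    """Good: check the type the column expects, then bind the value as a parameter."""
    try:
        account_id = int(account_id)
    except (TypeError, ValueError):
        raise ValueError("account id must be an integer")
    return conn.execute("SELECT owner, balance FROM accounts WHERE id = ?",
                        (account_id,)).fetchall()


def demo():
    """Same attacker-controlled parameter through both lookups."""
    conn = make_db()
    attacker_input = "1 OR 1=1"      # constructed request parameter, e.g. ?id=1 OR 1=1
    leaked = lookup_vulnerable(conn, attacker_input)   # tautology: every row comes back
    try:
        lookup_hardened(conn, attacker_input)
        blocked = False
    except ValueError:
        blocked = True                                  # rejected before any SQL runs
    own_row = lookup_hardened(conn, "1")                # the legitimate request still works
    return len(leaked), blocked, own_row


if __name__ == "__main__":
    print(demo())
```

The integer check and the bound parameter each stop the attack on their own; doing both is the usual practice, because the type check also gives a clean error for malformed input instead of a database error that leaks schema details.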