 Security in CCS Programme

bhurban

Posts: 12
Posted: 07/22/2011, 12:00 AM

I got a project for a financial firm. They need security like banks' transaction security.
Is it possible for me to design the software in CCS and provide a complete secure system to the client, with an online transaction system or similar?
scarvello

Posts: 64
Posted: 07/22/2011, 3:54 AM

CCS uses a security model based on RBAC, Role-based access control: http://en.wikipedia.org/wiki/Role-based_access_control.
You can define criteria for page access, CRUD criteria for the forms and also for groups of fields (by using panels).
Another issue to consider is network access security. In this case you must use SSL, which is fully supported by CCS.
No less important are data transactions and locking. For transactions you can use the features available in relational DBs. For example, you can write custom stored procedures using BEGIN/END TRANSACTION for atomic writes on multiple tables. CCS also fully supports stored procedure calls.
Data locking requires a specific design, but there are well-known patterns for data locking in stateless web applications. One is the TIMESTAMP technique. An example is here: http://www.webcheatsheet.com/php/record_locking_in_web_...ons.php?print=Y
Needless to say, for a critical application it is essential to design a good data model, identifying the transactions, the users/groups, data and transaction log, application scenarios and use cases. These aspects do not affect the programming but the analysis and design. Consequently, they do not fall within the objectives of a RAD tool like CCS.
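
The two points in the post above (atomic writes on multiple tables, and timestamp-style locking for stateless pages), as an added example that is not part of the thread and not CCS-generated code. It assumes PHP's PDO with an in-memory SQLite database, uses an integer version column in place of a TIMESTAMP column and an application-level transaction instead of a stored procedure; the table, column and function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: optimistic (version/timestamp) locking combined with an
// atomic multi-table write. Schema and function names are hypothetical.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE account (id INTEGER PRIMARY KEY,
               balance INTEGER NOT NULL, version INTEGER NOT NULL DEFAULT 1)');
    $db->exec('CREATE TABLE ledger (id INTEGER PRIMARY KEY, src INTEGER, dst INTEGER, amount INTEGER)');
    $db->exec('INSERT INTO account (id, balance) VALUES (1, 500), (2, 100)'); // constructed sample rows
    return $db;
}

// $seenVersion is the version the form was rendered with (e.g. sent back in a hidden field).
function transfer(PDO $db, int $src, int $dst, int $amount, int $seenVersion): bool {
    if ($amount <= 0) {
        throw new InvalidArgumentException('amount must be positive');
    }
    $db->beginTransaction();
    try {
        // Debit only if the row is unchanged since the user read it and funds suffice.
        $debit = $db->prepare('UPDATE account SET balance = balance - ?, version = version + 1
                               WHERE id = ? AND version = ? AND balance >= ?');
        $debit->execute([$amount, $src, $seenVersion, $amount]);
        if ($debit->rowCount() !== 1) {   // stale version or insufficient funds
            $db->rollBack();
            return false;
        }
        $credit = $db->prepare('UPDATE account SET balance = balance + ?, version = version + 1 WHERE id = ?');
        $credit->execute([$amount, $dst]);
        if ($credit->rowCount() !== 1) {  // destination account missing: undo the debit
            $db->rollBack();
            return false;
        }
        $log = $db->prepare('INSERT INTO ledger (src, dst, amount) VALUES (?, ?, ?)');
        $log->execute([$src, $dst, $amount]);
        return $db->commit();             // debit, credit and ledger row become visible together
    } catch (Throwable $e) {
        if ($db->inTransaction()) { $db->rollBack(); }
        throw $e;
    }
}

$db = makeDb();
var_dump(transfer($db, 1, 2, 200, 1)); // submitted with the version that was read
var_dump(transfer($db, 1, 2, 200, 1)); // second submit from the same stale read is rejected
```
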
datadoit
Posted: 07/22/2011, 5:41 AM

What he said. :)

CodeCharge is just your hammer. You still need architects, engineers
and project managers to make sure what you construct fits your design.

CodeCharge does have built-in functions to aid in the security of your
application, such as HTTPS redirects and data type validations (CCToSQL()).
scarvello

Posts: 64
Posted: 07/22/2011, 7:16 AM

In this ppt presentation you will find security guidelines:
http://lnx.eintranet.it/public/OWASP_Top_10_090708.pptx

Some items in the checklist on page 6, like SQL Injection, are implemented and supported by CCS. Many others depend on software architecture, IT infrastructure and software design.

More details:
https://www.owasp.org

However, in general I think that CCS in conjunction with the above may be able to develop critical applications.