Web Applications
Security Points
- When a user accesses a Landmark application through a browser, the user must supply a user name and password as credentials. These travel over HTTP(S) to the security authentication servlets.
- The credentials are validated using the authentication policy in place (LDAP bind or Match against local storage). A new session for the user is created if the credentials are valid.
- Any requests for data or transactions are checked for the proper authorization. If the user is authorized to access data or perform an action on data, then the data is retrieved or the data changes are executed. The authorization system uses a role-based access control model.
- Appropriate data is returned for that request. Any data not authorized for the user to see is not returned (that is, it is not simply hidden from the user; it is not even sent). The authorization model is the same as in #3.
- Credentials and sensitive data are stored in the application database in an encrypted form.