Document, Attachment Security
eCatalog provides Document Libraries module in the system. Following are actions implemented to secure the system:
- Uploading documents:
User use the UI to upload documents. For more protection, we only allow known files such as Microsoft Office and PDF can be uploaded. - File storages:
The files are stored in the database in a form of blob/binary. With three tier architecture, there’s no way end-user is able to download, copy-paste the files directly on the server. - Downloading documents:
To download documents, user must use the web-browser and click the provided link. The link is auto-generate by the system and encrypted. System will check the Access Control List to ensure only authorized user can download the document. - Temporary Files.
eCatalog system might require to store some files in temporary folders, which cannot be accessed directly by end-user. To protect the documents, following are implemented: - These temporary files will be deleted every day.
- No way for end-user to download or access the temporary folders.
- The file names are renamed to guid-based file names, which difficult to associate.