eCatalog provides Document Libraries module in the system. Following are actions implemented to secure the system:

  1. Uploading documents:
    User use the UI to upload documents. For more protection, we only allow known files such as Microsoft Office and PDF can be uploaded. 
  2. File storages:
    The files are stored in the database in a form of blob/binary. With three tier architecture, there’s no way end-user is able to download, copy-paste the files directly on the server.
  3. Downloading documents:
    To download documents, user must use the web-browser and click the provided link. The link is auto-generate by the system and encrypted. System will check the Access Control List to ensure only authorized user can download the document. 
  4. Temporary Files.
    eCatalog system might require to store some files in temporary folders, which cannot be accessed directly by end-user. To protect the documents, following are implemented:
    1. These temporary files will be deleted every day.
    2. No way for end-user to download or access the temporary folders.
    3. The file names are renamed to guid-based file names, which difficult to associate.