Because Tula Projects is online architect management software, our customers may naturally have concerns over the security of their designs and documents. We have taken many security measures to make sure that your documents and data always remain secure and never get into the wrong hands. Tula has a secure and reliable online document repository for architects. Below are a few of the measures that we have taken.
- It is HTTPS secured (as secure as online banking transactions).
- Passwords are stored only as one-way salted hashes.
- The forgot-password link and the initial registration link sent over e-mail expire 2 hours after sending.
- Forms authentication protects the entire web application. Bookmarked URLs, or any other URL within the application, require the user to authenticate.
- The application follows a multi-tenant architecture at the database level. Data of different organizations resides in the same database, but access is through tenant-filtered views, i.e. the stored procedures that access the data see only data related to the organization of the current user. A separate schema holds views without the tenant filter, for enhanced access for system admin operations. A separate SQL user and connection are used for “system admin” access versus normal user access.
- DMS: each document access is validated for authorization. Knowing a document's internal id or other details is not enough to access it. Access to the DMS is controlled through a controller component, which checks whether the person requesting access to the document has permission to do so from the organization perspective, the project perspective and the permissions set in the DMS.
- Internally, DMS documents are stored outside the webroot, so there is no virtual path pointing to the physical file for any sort of direct access. Physical storage is also segregated by organization and project.
- Strongly typed communication across layers and use of parameterized stored procedures for database access and modifications, to avoid SQL injection.
- From a functionality perspective, major entities in the system are audited for changes and the changes are logged as history.
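To illustrate the DMS access check and the out-of-webroot storage described in the list above, here is an added Python example; it is not Tula's own code. The storage path, class names, function names and sample records are all assumptions made for illustration.

```python
from dataclasses import dataclass
from pathlib import Path

STORAGE_ROOT = Path("/srv/dms-store")  # assumed path, outside any webroot

class AccessDenied(Exception):
    pass

@dataclass(frozen=True)
class User:
    user_id: int
    org_id: int
    project_ids: frozenset

@dataclass(frozen=True)
class Document:
    org_id: int
    project_id: int
    stored_name: str      # server-generated name, never taken from the request
    readers: frozenset    # user ids granted read permission in the DMS

# Constructed sample metadata, keyed by internal document id.
DOCS = {
    100: Document(1, 10, "a1f3.bin", frozenset({1, 2})),
    200: Document(2, 20, "77c0.bin", frozenset({9})),
    300: Document(1, 10, "../../2/20/77c0.bin", frozenset({1})),  # corrupt row
}

def resolve_document(user: User, doc_id: int) -> Path:
    """Return the physical path only if all three checks pass."""
    doc = DOCS.get(doc_id)
    allowed = (
        doc is not None
        and doc.org_id == user.org_id            # organization perspective
        and doc.project_id in user.project_ids   # project perspective
        and user.user_id in doc.readers          # permission set in the DMS
    )
    if not allowed:
        # Same error for "unknown" and "forbidden", so ids cannot be probed.
        raise AccessDenied("document not available")
    base = (STORAGE_ROOT / str(doc.org_id) / str(doc.project_id)).resolve()
    path = (base / doc.stored_name).resolve()
    if base not in path.parents:   # stored name must stay in its own folder
        raise AccessDenied("document not available")
    return path

def can_read(user: User, doc_id: int) -> bool:
    try:
        resolve_document(user, doc_id)
        return True
    except AccessDenied:
        return False
```

The file is then streamed to the client by the controller itself, so the physical path is never exposed as a URL.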