OpenPro Web Security


Web Security

Security Issues with web-based ERP solutions

The subject of security often comes up when we discuss OpenPro ERP Software. In OpenPro’s 10 years of web-based ERP, we have never had someone break into one of our customers' systems. With web-based technology, as with anything else, if you design it right with security in mind, the system is safe. By contrast, Microsoft Windows, a product that many people use every day, gets attacked all the time, and people still use it. OpenPro is a web-based ERP system, and it can use an Internet connection if you want to gain the full advantages that OpenPro has to offer.

An OpenPro end user can install OpenPro on the server of their local area network with no Internet connection; all the workstations on the network can access OpenPro, and people can happily do their work with no fear of intrusion or hackers. OpenPro is designed with built-in security to guard against potential hackers. At OpenPro we use PHP 5 (more secure than prior versions), we do not turn on PHP options that are vulnerable, and we test for Shell, HTML, ASP, PHP code and SQL injection, all to make sure our customers have a safe and secure business system.

OpenPro was designed with the Internet in mind. The benefits of using OpenPro are huge.

  • You can connect to your business from anywhere there is Internet access, including a dial-up connection.
  • You can connect from a PC in your home office, an Internet café, or a hotel lobby. You can connect with your laptop, Internet-ready PDA or cell phone.
  • No client-side software is needed, only a browser. We have tested OpenPro with multiple browsers, including the new Firefox browser and it works fine.
  • If you are out on location and you have a wireless tablet PC, you can maintain a real-time connection to your business.
  • With OpenPro, you will never need to call the office and ask someone to fax a report or document to the hotel you will be checking into later that day. No more calling the office unless you want to!

All of these benefits are yours only if you allow OpenPro to have the Internet connection it was designed to have.

So now, let’s cover the basics of security.

128-Bit Encryption

OpenPro uses Secure Sockets Layer (SSL) for secure transmissions. SSL applies encryption between two communicating applications, such as your PC and our corporate Internet server. When your data is transmitted over the Internet, it is encrypted or “scrambled” at the sending end and then decrypted or “unscrambled” at the receiving end.

We use 128-bit encryption, the highest level generally available today.

A cookie is a small piece of information, which is created by a web server during a user's visit to a website. If you configure your web browser to alert you regarding the presence of cookies, you may receive a notice that a web server wishes to set a cookie. There are two kinds of cookies — “persistent” and “transient”.

Sometimes we use persistent cookies, which remain on the hard drive of your personal computer. We use persistent cookies for a number of purposes, including to store your preferences for certain kinds of information, to provide you with access to certain websites for which you have previously registered, to retrieve any information you have provided to us previously, etc. You can set your browser to disable or prevent cookies, or you can delete cookies that have already been set by instructing your browser accordingly.

To access some information on our website, you'll have to set your browser to enable cookies. The persistent cookies used on OpenPro’s websites are available only to OpenPro or to certain agents of OpenPro who are performing services or hosting specific websites on our behalf.

We may also use transient cookies, which are not stored on your hard drive and are not available to anyone other than OpenPro. Transient cookies contain information that identifies you and allows you to navigate on our site from one page to another without requiring you to log in again on each page. When you leave our site, or when your session expires, the transient cookies expire.

Your OpenPro log in screen

When you log into OpenPro, you must supply 3 elements to successfully log in:

  • User Name
  • Password
  • Company ID

If any of these are not correct, you will not connect. Having a company ID field is necessary if you have more than one business or more than one location. OpenPro can successfully manage multiple businesses and locations. The businesses are automatically kept financially separate. The Company ID field also allows for an additional level of security. Here you have 3 items to enter correctly or you will be unable to connect. Our password is encrypted and could not be copied.

OpenPro Rules

OpenPro is a rules-based system. Login security can be as loose or as tight as you want it. The most basic rule for logins is “3 strikes and you're out”. A user has 3 chances to log in correctly or they will be locked out. The username and the IP address from which the login attempt was made are recorded and disabled until an administrator releases the lock.

If you want a real “James Bond” level of security, login procedures could be restricted to specific IP addresses. What that means is when a user logs in to the OpenPro system, he must do it from a computer that matches one of the IP addresses found on the security list.

If a user is not using an “authorized” workstation and they still have a valid User Name, Password and Company ID, but the IP address is wrong, they will not get into the OpenPro system. This is an extreme level of security and it would defeat some of the benefits listed at the beginning of this article.
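
The login rules described above, sketched as an added example (this is not OpenPro's own code). The class and function names, the PBKDF2 password verifier, the sample account and the documentation-range IP addresses are all constructed for illustration, and keying the lock on the username and IP address pair is an assumption about how the rule is applied.

```python
import hashlib, hmac, ipaddress
from collections import defaultdict

MAX_STRIKES = 3  # the "3 strikes" rule from the text

def verifier(password, salt):
    # Salted, slow hash: the store holds a verifier, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGate:
    def __init__(self, accounts, allowed_networks=None):
        self.accounts = accounts  # {(company_id, user): (salt, verifier)}
        self.allowed = [ipaddress.ip_network(n) for n in allowed_networks or []]
        self.strikes = defaultdict(int)  # (user, ip) -> consecutive failures
        self.locked = set()              # (user, ip) pairs held until admin release

    def login(self, user, password, company_id, ip):
        key = (user, ip)
        if key in self.locked:
            return "locked"
        addr = ipaddress.ip_address(ip)
        if self.allowed and not any(addr in net for net in self.allowed):
            return "ip_denied"  # valid credentials do not help from an off-list IP
        # Unknown accounts still run the hash, so timing does not reveal them.
        salt, stored = self.accounts.get((company_id, user), (b"\0" * 16, b""))
        if hmac.compare_digest(verifier(password, salt), stored):
            self.strikes.pop(key, None)
            return "ok"
        self.strikes[key] += 1
        if self.strikes[key] >= MAX_STRIKES:
            self.locked.add(key)
            return "locked"
        return "denied"

    def release(self, user, ip):
        # Administrator action: clear the lock and the strike count.
        self.locked.discard((user, ip))
        self.strikes.pop((user, ip), None)

def demo():
    salt = b"constructed-salt"  # constructed sample data
    gate = LoginGate({("ACME", "pat"): (salt, verifier("s3cret", salt))},
                     allowed_networks=["192.0.2.0/24"])
    out = [gate.login("pat", "bad", "ACME", "192.0.2.10") for _ in range(3)]
    out.append(gate.login("pat", "s3cret", "ACME", "192.0.2.10"))  # still locked
    gate.release("pat", "192.0.2.10")
    out.append(gate.login("pat", "s3cret", "ACME", "192.0.2.10"))
    out.append(gate.login("pat", "s3cret", "ACME", "203.0.113.5"))  # off-list IP
    return out
```

In this sketch an attempt from an off-list address is rejected before the credentials are checked and does not count as a strike.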

We know that use of standard 128-bit encryption of passwords is enough security to keep your business safe and give you the flexibility to access your business through OpenPro, anywhere in the world from any Internet accessible appliance.

Some more information on encryption

The numbers used as encryption keys are analogous to combination locks. The strength of encryption is based on the number of possible combinations that a lock can have. As the number of possible combinations grows, it becomes less likely that anyone would be able to guess the combination in order to decrypt the message.

Today's browsers offer 40-bit encryption or 128-bit encryption. Although both result in a large number of possible combinations (2^40 and 2^128 respectively), for your protection, our servers require the browser to connect at 128-bit encryption.

Imagine 128 light bulbs that can individually be set to on or off. Now imagine all the different combinations possible.

That's 340,282,366,920,938,000,000,000,000,000,000,000,000 possibilities.

Some more Security items

OpenPro separates the database data and the coding. The data is stored securely on the SQL server. Accessing the SQL server information requires a password separate from your login information. This keeps your data secured at all times.

For every screen it displays, OpenPro checks for a proper login ID and password. If the password or login is not correct, the screen will not be displayed.

You can rest assured that when using the OpenPro ERP software your data is secured.