The Web application can be protected so that only authorized users can access it (user rights subsystem), and the Web server and HTTP protocol can also be protected (encryption, security settings for message headers, etc.).
Setup and management of users and user groups
Criteria are set for all PROMOTIC users (local and network) that must be met at log-on for the user to be accepted by the system. The most important are the login name and password. Verifying the user's identity is crucial for subsequently limiting that user's access to critical parts of the application, either by setting permissions on individual parts of the application or by scripts. User groups are used to limit each user's access to the critical parts of the application (the user priority can also be used for this purpose).
authentication can be used for PROMOTIC users, NTLM authentication can be used for Windows users in a domain. Authentication selection can be done in the "Extended configuration
authentication, the name and password in the HTTP request headers are in unencrypted Base64 form and can be detected. It is therefore recommended to use the encrypted HTTPS protocol, which significantly reduces that risk. Another option is to use the secure Digest authentication, so that the password cannot be detected. In that case only the hash of the password is transmitted. The highest security level is provided by NTLM authentication of Windows users in a domain, where the authentication is done by the browser against the domain. This method is commonly used in enterprise intranet networks.
See Users and permissions
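The difference between the schemes described above, as an added Python example (not PROMOTIC code): it builds an `Authorization` header for each scheme and reports what a passive observer of the connection can read from it. The Digest calculation assumes the RFC 2617 form without `qop`; the user name, password, realm, nonce and URI are constructed sample values, and NTLM is not modelled.

```python
import base64
import hashlib
import re

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def basic_header(user, password):
    # Basic: "user:password" is only Base64-encoded, not encrypted.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"

def digest_header(user, password, realm, nonce, method, uri):
    # Digest (RFC 2617, no qop): only a hash bound to the server nonce is sent.
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    response = _md5(f"{ha1}:{nonce}:{ha2}")
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}"')

def observer_view(authorization, https):
    """What a passive observer of the connection learns from the header."""
    scheme, _, rest = authorization.partition(" ")
    seen = {"scheme": None, "user": None, "password": None}
    if https:
        return seen  # headers travel inside the TLS session
    seen["scheme"] = scheme.lower()
    if seen["scheme"] == "basic":
        decoded = base64.b64decode(rest).decode()
        seen["user"], _, seen["password"] = decoded.partition(":")
    elif seen["scheme"] == "digest":
        match = re.search(r'username="([^"]*)"', rest)
        seen["user"] = match.group(1) if match else None
    return seen

if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    basic = basic_header("operator", "s3cret")
    digest = digest_header("operator", "s3cret", "plant", "abc123", "GET", "/panel")
    for name, header in (("Basic", basic), ("Digest", digest)):
        for https in (False, True):
            print(name, "https" if https else "http", observer_view(header, https))
```

Digest keeps the password off the wire, but the user name remains readable over plain HTTP, so the HTTPS recommendation applies to both schemes.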
HTTPS - secured HTTP protocol
Setting the "https service" configurator enables an encrypted connection between the Web browser and the Web server, making it secure against eavesdropping and data forgery. HTTPS (Hypertext Transfer Protocol Secure) uses the HTTP protocol, with the transmitted data encrypted by SSL/TLS. The basic component of the security provided by the SSL/TLS protocols is based on digital certificates.
See HTTPS - secured HTTP protocol
Setting the headers in HTTP reply of the Web server
HTTP request headers (RequestHeaders) are set by the Web browser. HTTP response headers (ResponseHeaders) are set by the PROMOTIC Web server. The headers can significantly affect the security level and the browser's behavior during HTTP communication.
See Extended configuration