Web application security

The Web application can be protected so that only authorized users can access it (a system of users and permissions). The Web server and the HTTP protocol can also be protected (encryption, security settings for message headers, etc.).

Setup and management of users and user groups

Criteria are set for all PROMOTIC users (local and network) that the user must meet at log-on in order to be accepted by the system. The most important are the login name and password. Verifying the user's identity is crucial for subsequently limiting the user's access to critical parts of the application, which is done by creating permissions on individual parts of the application or by scripts. User groups are used to limit each user's access to the critical parts of the application (the user priority can also be used for this purpose).
Basic or Digest authentication can be used for PROMOTIC users; NTLM authentication can be used for Windows users in a domain. The authentication type is selected in the "Extended configuration" configurator.
Caution! With Basic authentication, the names and passwords in the HTTP request headers are only encoded in Base64, not encrypted, and can be read. It is therefore recommended to use the encrypted HTTPS protocol, which eliminates the risk significantly. Another option is to use the secure Digest authentication, so that the password cannot be detected: in that case only the hash (i.e. digest) of the password is transmitted. The highest security level is provided by NTLM authentication of Windows users in a domain, where the authentication is done by the browser against the domain. This method is commonly used in enterprise intranet networks.
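The difference between the two header formats described in the caution above, as an added example (not PROMOTIC code). It assumes the Digest variant defined in RFC 2617 (MD5, qop=auth); the sample names and passwords are the published examples from RFC 7617 and RFC 2617.

```python
import base64
import hashlib


def basic_header(user, password):
    """Authorization value for Basic: Base64 of "user:password", no key involved."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def recover_basic(header):
    """Reverse the Base64 encoding, as any observer of a plain HTTP request can."""
    scheme, token = header.split(" ", 1)
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode().partition(":")
    return user, password


def _md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 response value (MD5, qop=auth): only this hash is transmitted."""
    ha1 = _md5_hex(f"{user}:{realm}:{password}")  # secret part, never sent
    ha2 = _md5_hex(f"{method}:{uri}")             # binds the hash to the request
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


if __name__ == "__main__":
    # Basic: the header gives back the password directly (RFC 7617 sample).
    hdr = basic_header("Aladdin", "open sesame")
    print(hdr, "->", recover_basic(hdr))

    # Digest: the header carries a hash tied to the server's nonce (RFC 2617 sample).
    args = ("Mufasa", "testrealm@host.com", "Circle Of Life",
            "GET", "/dir/index.html")
    nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
    print(digest_response(*args, nonce, "00000001", "0a4f113b"))
    # A new server nonce yields a different value for the same password.
    print(digest_response(*args, "constructed-nonce-2", "00000001", "0a4f113b"))
```

Neither scheme encrypts the rest of the request or the response, which is why HTTPS is still the recommended transport.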

See Users, Permissions, PmUser, Users and permissions.

HTTPS - secured HTTP protocol

Setting the "https service" configurator enables an encrypted connection between the Web browser and the Web server, securing it against eavesdropping and data forgery. HTTPS (Hypertext Transfer Protocol Secure) uses the HTTP protocol, with the transmitted data encrypted by SSL/TLS. The basic component of the security provided by the SSL/TLS protocols is digital certificates.

See HTTPS - secured HTTP protocol.

Setting the headers in the HTTP response of the Web server

HTTP request headers (RequestHeaders) are set by the Web browser. HTTP response headers (ResponseHeaders) are set by the PROMOTIC Web server. These headers can significantly affect the security level and the browser's behavior in HTTP communication.

See Extended configuration.
PROMOTIC 9.0.27 SCADA system documentation MICROSYS, spol. s r.o.
