1. General security principles

    Article: AN0001560

    ObjectGears is a .NET application working with a database on MS SQL Server.

    The application can communicate over both the http and https protocols. For the general security of working with the application, we recommend the https protocol.

    ObjectGears includes a built-in Administrator role that can use all application functions. This role is assigned to users in the web.config file, so ObjectGears users should not have access to that file. Restrict write access on the file system of the ObjectGears instance accordingly. For the same reason, do not grant write access to the file system of the ObjectGears instance to the technical account under which the instance runs; otherwise a user could change the web.config file from within the application (by means of a script or module) and so obtain higher access rights than those granted to him/her in ObjectGears. Read access to the web file system is sufficient for the ObjectGears technical account. Only the system administrator should have write access to this file system.
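
    One way to check the file-system rule above on a Windows server, as an added example that is not part of the ObjectGears documentation or product. The path `C:\inetpub\ObjectGears` and the allow list of administrative identities are assumptions; replace them with the values of your installation.

    ```powershell
    # Added example: report identities that can write to the ObjectGears web root.
    # $WebRoot and $AllowedWriters are assumptions, not ObjectGears defaults.
    param(
        [string]$WebRoot = 'C:\inetpub\ObjectGears',   # hypothetical install path
        [string[]]$AllowedWriters = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
    )

    # Bits that let an identity change, replace or re-permission a file.
    # 'Modify' and 'FullControl' are deliberately not listed: they also contain
    # read bits, which would make every read-only ACE match.
    $rights    = [System.Security.AccessControl.FileSystemRights]
    $writeBits = [int]($rights'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
    $writeBits = $writeBits -bor 0x50000000   # GENERIC_WRITE | GENERIC_ALL (raw ACEs)

    function Get-WriteAce {
        param([string]$Path, [string[]]$Allowed)
        (Get-Acl -LiteralPath $Path).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $writeBits) -ne 0 -and
            $Allowed -notcontains $_.IdentityReference.Value
        } | ForEach-Object {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $_.IdentityReference.Value
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited
            }
        }
    }

    # Check the root, web.config itself, and every subdirectory (an ACE on a
    # subfolder can break inheritance and re-grant write access).
    $targets = @($WebRoot, (Join-Path $WebRoot 'web.config')) +
        @(Get-ChildItem -LiteralPath $WebRoot -Directory -Recurse | ForEach-Object FullName)

    $findings = foreach ($t in $targets) {
        if (Test-Path -LiteralPath $t) { Get-WriteAce -Path $t -Allowed $AllowedWriters }
    }

    if ($findings) {
        $findings | Sort-Object Path, Identity | Format-Table -AutoSize
        Write-Warning 'Write-capable ACEs found for identities outside the allow list.'
        exit 1
    }
    Write-Output "No unexpected write access under $WebRoot."
    ```

    Any row naming the technical account under which the ObjectGears instance runs, or a group that ordinary ObjectGears users belong to, contradicts the recommendation above.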

    User authentication

    Authentication works in one of two ways, depending on the web.config file settings:

    1. Authentication by means of user name and password
    2. Windows authentication (the application takes over the identity of the user logged in to MS Windows on the client)

    User log off

    When authentication by user name and password is used, an icon for user log off is available in the context menu in the upper right corner of the ObjectGears screen.