Security

Document security and privacy is designed into Secure Documents from the initial concept. Documents are protected from acces s by non-users, but also from access by unauthorized though legitimate users of the system.

User Access

Basic user access may be adjusted in several ways to limit or expand authority. More importantly, users may be accorded specific privileges for every document group on the server - ranging from no access whatsoever, to full access including document replacement and expiry. Group privileges may be specified for each group, or can be inherited from groups higher up in the hierarchy - allowing administration of user access to be semi-automated for certain branches of the document database.

Document Server Security

The document server is, of course, protected by passwords and proprietary communication protocols. This, however, does not present an impenetrable barrier to a determined infiltrator. The typical technique used to obtain access to data not authorized for a particular recipient is to first derive a list of information available from the server by using methods such as "SQL injection" to request such data. Secure Documents uses the Lava database, designed to be resistant to these techniques. In addition, the document content is stored not in the database but in files stored on the server - this means that even if an infiltrator does gain access to the information schema, he can at best obtain the title of the document. The content is available only through the Secure Documents application, and requires the correct user and password combination to gain access.