Security
Elephant Security System is used to isolate contents based on user granted permissions. The content is generated at server side based on this security system.
Basic security points
- User passwords.
- User social group syndication.
- User roles, mainly granted through social groups.
- User permissions, defined by roles.
- User fuzzy roles, discovered by user activity.
- Conceptual permissions, related to entity's components and module specific.
Passwords
Elephant uses a symmetric cipher with a unique key pair, to produce the ciphertext to be stored.
Before stored, the application measures the password strength and shows the result as a percentage. The rules for measuring the strength are:
- for length: [...4] = 3, [5...7] = 6, [8...15] = 12, [16...] = 18
- has lowercase: = 2
- has uppercase: = 2
- lowercase > 2 and uppercase > 2: = 2
- for numbers: = min{number, 3} * 2
- lowercase > 2 and uppercase > 2 and numbers > 0: = 2
- for special characters: = min{specials, 3} * 2
- lowercase > 2 and uppercase > 2 and numbers > 0 and specials > 0: = 2
isInRole method
Elephant provides isInRole convenience method to check user assigned points. The method takes as string parameter with a permission checking syntax.
The scripts also provide a facade map named rolemap. The checking syntax will be rolemap['root:permission'].
See [ Social groups, Permissions, Scripting, Actors, Concept permissions ]
