Elephant security system is used to isolate contents based on user granted permissions. The content is generated at server side based on this security system.

Basic security points

• User passwords.
• User social group syndication.
• User roles, mainly granted through social groups.
• User permissions, defined by roles.
• User fuzzy roles, discovered by user activity.

Passwords

Elephant uses a symmetric cipher with a unique key pair, to produce the ciphertext to be stored.

Before stored, the application measures the password strength and shows the result as a percentage. The rules for measuring the strength are:

• for length: [...4] = 3, [5...7] = 6, [8...15] = 12, [16...] = 18
• has lowercase: = 2
• has uppercase: = 2
• lowercase > 2 and uppercase > 2: = 2
• for numbers: = min{number, 3} * 2
• lowercase > 2 and uppercase > 2 and numbers > 0: = 2
• for special characters: = min{specials, 3} * 2
• lowercase > 2 and uppercase > 2 and numbers > 0 and specials > 0: = 2

isInRole method

Elephant provides isInRole convenience method to check user assigned points. The method takes as string parameter with a permission checking syntax. The parameter are the ORed permissions to be checked, separated by |.

Suppose a sample user assigned to Privileged Customers social group. This social group grants the DossierParticipant role, which carries dossier=list,show permissions.

When more than one check, they can be ORed: dossier:list|@customer:on.