Security

The Elephant security system isolates content based on the permissions granted to each user. Content is generated on the server side according to this security system.

Basic security points

  • User passwords.
  • User social group syndication.
  • User roles, mainly granted through social groups.
  • User permissions, defined by roles.
  • User fuzzy roles, discovered by user activity.

Passwords

Elephant uses a symmetric cipher with a unique key pair to produce the ciphertext to be stored.

Before a password is stored, the application measures its strength and shows the result as a percentage. The rules for measuring the strength are:

  • for length: [...4] = 3, [5...7] = 6, [8...15] = 12, [16...] = 18
  • has lowercase: = 2
  • has uppercase: = 2
  • lowercase > 2 and uppercase > 2: = 2
  • for numbers: = min{number, 3} * 2
  • lowercase > 2 and uppercase > 2 and numbers > 0: = 2
  • for special characters: = min{specials, 3} * 2
  • lowercase > 2 and uppercase > 2 and numbers > 0 and specials > 0: = 2
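
The rules above applied to sample passwords, as an added Python example (not Elephant's own code). It assumes the percentage is the score divided by the maximum reachable total of 40 and that a special character is anything that is neither a letter nor a digit; the function names and sample passwords are constructed for illustration.

```python
MAX_SCORE = 40  # assumption: 18 + 2 + 2 + 2 + 6 + 2 + 6 + 2, every rule at its maximum

def length_points(n):
    """Length rule: [...4] = 3, [5...7] = 6, [8...15] = 12, [16...] = 18."""
    if n <= 4:
        return 3
    if n <= 7:
        return 6
    if n <= 15:
        return 12
    return 18

def strength_score(password):
    """Sum the points of every rule in the list, in the order the page gives them."""
    lower = sum(c.islower() for c in password)
    upper = sum(c.isupper() for c in password)
    digits = sum(c.isdigit() for c in password)
    # Assumption: a "special" is any character that is not a letter or a digit.
    specials = sum(not c.isalnum() for c in password)
    mixed_case = lower > 2 and upper > 2

    score = length_points(len(password))
    score += 2 if lower else 0
    score += 2 if upper else 0
    score += 2 if mixed_case else 0
    score += min(digits, 3) * 2
    score += 2 if mixed_case and digits > 0 else 0
    score += min(specials, 3) * 2
    score += 2 if mixed_case and digits > 0 and specials > 0 else 0
    return score

def strength_percent(password):
    """Score as a percentage of MAX_SCORE (the denominator is an assumption)."""
    return 100 * strength_score(password) / MAX_SCORE

# Constructed sample passwords, from weakest to the maximum score.
SAMPLES = ["abc", "password", "Password1!",
           "CorrectHorse-Battery-42!", "ABCdef123!@#ABCdef"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:28} {strength_score(pw):2d}/40 {strength_percent(pw):5.1f}%")
```
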

isInRole method

Elephant provides the isInRole convenience method to check the points assigned to a user. The method takes a string parameter written in a permission-checking syntax. The parameter lists the permissions to be checked, ORed together and separated by |.

Suppose a sample user is assigned to the Privileged Customers social group. This social group grants the DossierParticipant role, which carries the dossier=list,show permissions.

Check type      Syntax               Example
Permissions     permission:detail    dossier:list
Roles           #role:on             #DossierParticipant:on
Syndications    @syndication:on      @customer:on
Fuzzy roles     @fuzzyrole:is        @worker:is
Actors          @actor:actor_name    @actor:PartnerNetwork

When more than one check is needed, they can be ORed: dossier:list|@customer:on.

English, 03/17/21 04:15, Lluís Turró Cutiller
English, 11/21/21 16:31, Lluís Turró Cutiller
English, 01/14/22 12:43, Lluís Turró Cutiller