CAT eLog Security -07-19
CAT e-Log Security Features and Recommendations
GXS Trade Grid system security mechanisms include application security, database security and network security. Achieving a high level of security involves not only system setup and configuration, but also system maintenance processes and infrastructure setup.
APPLICATION SECURITY
Application security mainly covers user authentication, access control, encryption of confidential data, data integrity, audit logging, etc.
Authentication:
User name, Password
Users log on to the system with a user name and password. To protect the security of the system, security requirements can be configured for user passwords:
Password length
Enforce user password strength: the length must be 8 characters or more, combining digits, letters and special characters.
Password validity:
Each password has a validity period; when the password expires, the user must change it.
Login verification code and session validity
A verification code is added to the logon page to prevent attackers from guessing passwords.
The number of failed logon attempts per user is limited to prevent attackers from guessing passwords.
The session validity defaults to 15 minutes, to prevent someone else from operating under the user's identity when the user leaves the computer for a long time.
If the user performs no operation in the browser for a long time, the server automatically expires the session, and the user must log in again on the next visit.
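The authentication controls described above (password strength, password validity, failed-logon limit and the 15-minute session timeout), sketched in Python as an added example; this is not code from CAT e-Log or GXS. The failed-logon limit of 5 and the 90-day password lifetime are assumed values, since the page gives no numbers, and `LoginGuard` and `password_is_strong` are hypothetical names.

```python
import re
import time

# Values stated on the page
MIN_PASSWORD_LEN = 8             # length of 8 or more
SESSION_IDLE_SECONDS = 15 * 60   # default session validity
# Assumed values: the page says these limits exist but gives no numbers
MAX_FAILED_LOGINS = 5
PASSWORD_MAX_AGE_SECONDS = 90 * 24 * 3600


def password_is_strong(password):
    """Length check plus a mix of digits, letters and special characters."""
    return (len(password) >= MIN_PASSWORD_LEN
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[A-Za-z]", password) is not None
            and re.search(r"[^0-9A-Za-z]", password) is not None)


class LoginGuard:
    """Tracks failed logons, password age and the idle session of one account."""

    def __init__(self, password_set_at, clock=time.time):
        self.clock = clock
        self.password_set_at = password_set_at
        self.failed = 0
        self.last_activity = None        # None means no live session

    def login(self, password_ok):
        # password_ok is the result of the real credential check (not shown)
        if self.failed >= MAX_FAILED_LOGINS:
            return "locked"              # checked first, so guessing stops here
        if not password_ok:
            self.failed += 1
            return "denied"
        self.failed = 0
        if self.clock() - self.password_set_at > PASSWORD_MAX_AGE_SECONDS:
            return "password_expired"    # no session until the password is changed
        self.last_activity = self.clock()
        return "ok"

    def request(self):
        """Run on every request; the idle timeout is enforced on the server."""
        now = self.clock()
        if self.last_activity is None or now - self.last_activity > SESSION_IDLE_SECONDS:
            self.last_activity = None    # session expired, user must log in again
            return False
        self.last_activity = now         # activity renews the 15-minute window
        return True
```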
ACL (Access Control List)
The system's ACL controls not only which operations a user may perform on data, but also which data the user may query and operate on.
Operation privileges
User operation privileges are set up using a user, role and privilege model. The system administrator can configure which operations a user (role) may perform, and users are prevented from performing operations for which they have no privilege.