DC 5.1.0 5 Security
- Magnus Frank
- Brian Bak Laursen
Security is a top priority to Digizuite and we follow best practices and principles within Software Development to stay on top. This section describes how security is handled in the Digizuite.
Recommendation
Digizuite is recommended to be installed as a https site using the most recent tls protocols.
Token based security
Digizuite uses a token based security, where a token is validated on each API request. The token contains information about the user and access rights are resolved based on this. Security tokens expires after a configurable time interval thereby removing access to content accessed directly using a security token.
Digizuite has three different access rights:
- Read
- Write
- None
If a user has read, the user is allowed to see content, but not alter. If the user has write, it can see and alter content. Lastly having none of the before mentioned rights disallows access.
Access rights can be set directly on the user or on a user group. It can be set directly on individual asset or on the folder in which the asset is placed.
Role based security
On top of the token based security, Digizuite uses a role based security system, to protect access to certain features and functions. An example of this is allowing upload from frontends, which is protected by a role. A complete list of all available roles can be found here
A role can be assigned directly to a user or a user group.
Penetration Testing
The Digizuite platform follows best practices and principles within software development to ensure safety of our users. Vulnerability Assessments and Penetrating tests are carried out by 3rd party vendors and results can be requested.