What language is used for OA system development, and what is the security?

There are two main development languages, C# java, others and, of course, php. Now java is the mainstream. Every system and every company has different security designs. I don't know the rest. If we use our system, we can at least ensure the security of your system in the following ways:

The security scheme of westsoft office automation system;

1. 1 Compatibility of security systems

An important idea of the security system of this scheme is the compatibility of security technologies. Because different implementation units have more or less certain security precautions, compatibility with mainstream security products is very important. All security measures of collaborative OA platform are compatible with current mainstream and standard security technologies and products, and are fully supported.

1.2 system architecture security

The architecture of application system has become an important line of defense to protect system security. An excellent system architecture can not only ensure the stability of the system, but also encapsulate different levels of business logic. The "black box" operation between various business components can effectively protect the concealment and independence of system logic.

The N-tier and multi-tier architecture adopted in this scheme (which can be called three-tier architecture in specific applications) encapsulates business logic operations and controls that ordinary users don't need to see on the server in the system background, and the user's client is just a simple browser and the final content expression of the system.

Using this isolated system architecture, business logic is invisible to users, which makes malicious visitors even invisible to business logic, let alone maliciously tamper with it, thus ensuring the security and correctness of system logic.

1.3 transmission security

Because the office network involves the access of many users, how to protect the official document object from eavesdropping and tampering in the transmission process has become one of the key problems of the scheme. Use two methods to protect the security of official documents:

Encryption protection of data objects

It supports encrypting the data object itself. In the process of uploading and downloading data, the data is processed through the process of "encryption-transmission-interface-processing", so even if malicious visitors intercept the content of data, they only get a bunch of meaningless data, thus protecting the security of data objects.

Encryption protection of transmission protocol

Support standard secure encrypted transmission protocols provided by Web servers, such as the most mainstream SSL (Secure Socket) protocol. The security of file transmission is further enhanced through encryption protection at the transmission protocol level.

1.4 model security

In this scheme, the prototype collaborative OA platform not only pioneered the domestic custom workflow, but also designed and realized the security model of workflow application at the earliest time to ensure that all business processes were carried out under the preset authority control. Through the combination of three important concepts: "document header attribute", "step" and "role", document circulation ensures that all operations in the process of document circulation are carried out by users with corresponding processing rights.

1.5 protection system combining software and hardware

Collaborative OA platform supports the combination with a variety of hardware and software security devices to form a three-dimensional protection system. At present, in addition to supporting all mainstream software security authentication solutions, such as CA's eTrust products, it can also be compatible with all security hardware with standard technology under the PKI security framework, including all kinds of hardware authentication devices for saving personal digital certificates, VPN remote access gateways based on PKI system, SSL encryption and decryption accelerators, etc. , and supports the dynamic password authentication function of SMS, so it can basically build an effective security line with existing and future security facilities.

1.6 traceability audit

Collaborative OA platform has built-in multi-granularity log system, which can record all actions with different operation granularity in the log as needed to track and audit users' historical operations.

The advantage of multi-granularity log system is that it can not only record in a flowing way, but also record more detailed historical actions according to the requirements of security level; Or simplify and ignore some registrations with low security requirements, so that the follow-up audit work can be simplified and improved.

1.7 Identity confirmation and operation are undeniable.

Identity confirmation has two meanings for collaborative OA platform, one is user identity confirmation, and the other is server identity confirmation.

User identity confirmation is guaranteed by personal digital certificate and password, so that the system can confirm that the user has not been impersonated. At the same time, by combining with the internal recording and logging functions of official documents, the operation is undeniable.

The authentication of the server is also one of the most important technologies, because many hacker technologies have used the identity of the server to defraud the user's password and put it into the Trojan horse. Through the server authentication technology under PKI architecture, the identity of the server is ensured to be correct, and various controls downloaded from the server are also signed by the server, which establishes a good trust relationship between users and machines, which will be of great significance for collaborative work.

1.8 security of data storage

In this scheme, data storage is protected by two mechanisms, one is the access control provided by the system, and the other is the encrypted storage of data. In this scheme, a higher level of security protection, namely data encryption and storage, is adopted.

All files in the database are encrypted with 64 bits and then stored. Even if a malicious visitor steals the password of the database administrator, all he sees is the garbled code generated after encryption.

Data access scope control, key confidential information is refined to record level, and the amount involved is refined to field level.

After the data is published on the web page, the integrity can be guaranteed, and the information content of the web page can be controlled not to be printed, copied and saved.