SourceAnywhere Hosted incorporates a range of security features that secure your
source code from accidents and malevolent attacks. Here's how the features break
- Secure Sockets Layer (SSL) Protocol
Secure Sockets Layer (SSL) is a strong cryptography and security protocol used to safeguard sensitive data during transmission over open, public networks. Originally developed
by Netscape to secure online financial transactions, SSL is now one of the leading security protocols on the web. Today, SSL supports millions of online transactions every day
and is the de facto standard for secure online credit card purchases, stock trading and
SourceAnywhere Hosted provides 128-bit SSL encryption to protect your data, including
passwords and data files, being transferred across the Internet.
- Sophisticated Password Policy
Passwords are the front line of computer security. SourceAnywhere Hosted uses an
industry-standard approach to password policy. We enable granular control of password
length, memory, complexity and expiration.
The 'Minimum password length' and 'Password must meet complexity requirements' settings can make a password very difficult to hack.
The 'Enforce password history' feature prevents old passwords from being reused again
The Maximum password age feature can force the user to change his/her password after
a certain period and if an attacker cracks the password, he/she only has access to the network until the password expires. Also, since the password must be changed periodically,
it is difficult for attackers to crack.
The 'Lock out' option prevents hackers from guessing at passwords. This feature is particularly important for network applications, like SourceAnywhere Hosted. Here's the
example. If a server responds to a login request in 100 milliseconds, an attacker can try
36,000 different passwords in 1 hour. By using the 'Lock out' setting, administrators can
minimize the number of password attempts within a specified time frame. For example, if
an administrator mandates a 10-minute lock out after five incorrect attempts, the attacker
can only try 30 passwords within one hour. This obviously makes a password much safer.
- Independent and Isolated Databases for Each Customer
In the SourceAnywhere Hosted server each customer's data is stored in an independent,
dedicated database that's isolated from other customers' data. Customer can only access
their specified database, and operations on any other database will have no influence on
other customers' data.
- Database Encryption, the Ultimate Way
SourceAnywhere Hosted provides database encryption, which is an ultimate approach to
protect your data. With database encryption, all of your file content stored in SQL Server
is encrypted by a passphrase you provide during the encryption process. Under the
unlikely worst scenario, even if your database is copied without your permission, no one
can read a single file in your repository unless they know your passphrase.
This is how it works: when a SourceAnywhere Hosted server is restarted, an unlock process is required before the server dynamically decrypts your data. Your passphrase is
then verified for the unlock. Once the unlock process is complete, your developers can
check in and check out files as usual.
Even after the unlock process, the data in your database is still encrypted. This is
because SourceAnywhere Hosted servers dynamically decrypt file content into memory
only when the file is requested. Combined with cache file encryption, SourceAnywhere
Hosted's database encryption guarantees that none of your files is written to hard disk
without being encrypted first.
There are two options for database encryption:
- Your passphrase is encrypted by a public key using a certificate issued by VeriSign and stored in a secured place. If you forget your passphrase, Dynamsoft will
use the private key of the certificate to recover your passphrase. The private key
is protected by a rigorous security policy and is known to only two persons at
Dynamsoft: the Chief Systems Administrator and the CEO.
- Your passphrase is not stored. This gives you extra security, but you run the risk
of rendering your entire database useless if the passphrase is lost or forgotten.
- Cache File Encryption for Speed and Security
SourceAnywhere Hosted uses a sophisticated cache mechanism and Cache server to reduce server workload and improve performance. For the cached files, SourceAnywhere Hosted uses Blowfish encryption to ensure the security of data during the process
The passphrase is randomly generated by the server when it is started and discarded
when the server is down.
Combined with database encryption, cache file encryption guarantees that no file content is written to hard disk without being encrypted.
- Login Log for Monitoring Suspicious Activity
You can use SourceAnywhere Hosted's Login Log to view the 10 latest login attempts to
Hosted Server using your organization ID and user name. Using this feature, you can
easily identify any suspicious activity in your account. For example, you did not use
SourceAnywhere Hosted yesterday, but you see a login log for yesterday or you use
SourceAnywhere only from the office but you see an unfamiliar IP in the login log. Once
the suspicious activities are identified, proper measurements can be taken to stop the
- Flexible IP & MAC Filter Rules
You can set up IP & MAC filter rules in SourceAnywhere Hosted. You can create rules for
a collection of IP and MAC addresses that allow only specified addresses to access your
SourceAnywhere Hosted account. If you choose not to define rules, then all traffic is
The optional IP filter adds another layer of security. For example, if you only access
SourceAnywhere Hosted from your office, you add your office IP address in the filter so
your SourceAnywhere Hosted account cannot be accessed from outside of your office. If
you also access SourceAnywhere Hosted from home, you can add the IP address of your
home in the filter. In the case that your IP address is dynamic (using dial-up), you can
simply input your network interface card's MAC address into the filter. Also you can use
MAC addresses exclusively to make sure only the specified physical machine can access
your SourceAnywhere Hosted account.
Note: IP Filter does not apply to SourceAnywhere Hosted web site.
- SSL Certificate for Web Site Access
All your account information on our website is encrypted by SSL Certificate.
- Secure Backup Encryption
All SourceAnywhere Hosted backups are password encrypted. Plus, the backup folder is also encrypted using Microsoft Windows 2003 Public Key Infrastructure (PKI) file system.