Alpha Software Blog

Filter by Category
show all


A Quick Overview of Application Security Built Into Alpha Anywhere

Richard Rabins

ssssssssssssssssssssssssssss

We frequently get questions about the security capabilities of Alpha Anywhere. Application security is a critical component of most enterprise apps. Alpha Anywhere offers a security framework out-of-the-box that simplifies the process for adding security to mobile apps. Alpha ships with pre-built login components that can be dropped into any mobile app.

Security (along with offline support, backend data integration, and the quality of the mobile and web experiences that can be built with Alpha Anywhere)  is one of the core strengths of Alpha Anywhere.

Alpha Anywhere's Framework for Security

Here is a recent reply by Jerry Brightbill one of our security specialists at Alpha to a recent question about security.

"Alpha Anywhere has a built in web security system that is managed by the server.  When active, all requests to the server go through the security system, even requests for basic support files such as CSS files, images, and other common files.  This applies to AJAX callbacks and even requests for reports. The logic is deny unless specifically allowed.

We also can add security to specific elements in components such as buttons, or even whole sections of HTML.  If the current user doesn't have sufficient rights to view the element, the server completely removes the element or section from the response, and it is not sent to the client. Some companies want to use Active Directory for authentication and authorization, and that is supported in Alpha Anywhere.  When using Active Directory, the AD handled the authentication and sets the authorization permissions.  The Alpha Anywhere application server manages the actual authorization.We have quite a few system using Alpha Anywhere that must meet strict security regulations such as HIPAA.  These systems have been audited by third party companies which have approved the systems are meeting the requirementsSQL injection is always a concern, but all CRUD operations inside Alpha Anywhere are managed by the internal code and that code has a number of checks to prevent injection. We are constantly evaluating security risks, and always attempt to stay current with the latest issues.  For example, when the heartbleed bug was identified, we supplied the fix in a patch as soon as it was released. This has also happened with Poodle and numerous other threats that external hackers are constantly launching.
Security, application security
Prev Post Image
Coming soon in Alpha Anywhere - pre-release is now available to subscribers
Next Post Image
Tracking Down Why a Request Failed Under IIS

About Author

Richard Rabins
Richard Rabins

Co-founder of Alpha Software, Richard Rabins focuses on strategy, sales, and marketing. Richard also served as CEO of SoftQuad International from 1997 to 2001, when it owned Alpha. In addition to his 30 years with the company, Richard played a key role as co-founder, and served as president and chairman of the Massachusetts Software Council (now the Massachusetts Technology Leadership Council), the largest technology trade organization in Massachusetts. Prior to founding Alpha, Richard was a project leader and consultant with Information Resources, Inc. (IRI), and a management consultant with Management Decision Systems, Inc. Richard holds a master's degree in system dynamics from the Sloan School at MIT, and a bachelor's degree in electrical engineering and master's degree in control engineering from University of the Witwatersrand in Johannesburg, South Africa. He has served on the boards of Silent Systems, Legacy Technology and O3B Networks, and is co-founder of Tubifi www.tubifi.com.

Related Posts
Top Security Concerns for Low-code and No-code Development
Top Security Concerns for Low-code and No-code Development
How No-Code/Low-Code Can Solve Info Management Woes
How No-Code/Low-Code Can Solve Info Management Woes
Building Mission Critical Applications with Low-Code/No-Code
Building Mission Critical Applications with Low-Code/No-Code

The Alpha platform is the only unified mobile and web app development and deployment environment with distinct “no-code” and “low-code” components. Using the Alpha TransForm no-code product, business users and developers can take full advantage of all the capabilities of the smartphone to turn any form into a mobile app in minutes, and power users can add advanced app functionality with Alpha TransForm's built-in programming language. IT developers can use the Alpha Anywhere low-code environment to develop complex web or mobile business apps from scratch, integrate data with existing systems of record and workflows (including data collected via Alpha TransForm), and add additional security or authentication requirements to protect corporate data.

Comment