A Quick Overview of Applicatoin Security Built Into Alpha Anywhere
We frequently get questions about the security capabilities of Alpha Anywhere. Application security is a critical component of most enterprise apps. Alpha Anywhere offers a security framework out-of-the-box that simplifies the process for adding security to mobile apps. Alpha ships with pre-built login components that can be dropped into any mobile app.
Security (along with offline support, backend data integration, and the quality of the mobile and web experiences that can be built with Alpha Anywhere) is one of the core strengths of Alpha Anywhere.
Alpha Anywhere’s Framework for Security
Here is a recent reply by Jerry Brightbill one of our security specialists at Alpha to a recent question about security.
“Alpha Anywhere has a built in web security system that is managed by the server. When active, all requests to the server go through the security system, even requests for basic support files such as CSS files, images, and other common files. This applies to AJAX callbacks and even requests for reports. The logic is deny unless specifically allowed.
We also can add security to specific elements in components such as buttons, or even whole sections of HTML. If the current user doesn’t have sufficient rights to view the element, the server completely removes the element or section from the response, and it is not sent to the client. Some companies want to use Active Directory for authentication and authorization, and that is supported in Alpha Anywhere. When using Active Directory, the AD handled the authentication and sets the authorization permissions. The Alpha Anywhere application server manages the actual authorization.We have quite a few system using Alpha Anywhere that must meet strict security regulations such as HIPAA. These systems have been audited by third party companies which have approved the systems are meeting the requirementsSQL injection is always a concern, but all CRUD operations inside Alpha Anywhere are managed by the internal code and that code has a number of checks to prevent injection. We are constantly evaluating security risks, and always attempt to stay current with the latest issues. For example, when the heartbleed bug was identified, we supplied the fix in a patch as soon as it was released. This has also happened with Poodle and numerous other threats that external hackers are constantly launching.