Following image represents the data security issues in this chapter:

 

Data Transfer between the Components

 

Every time that data moves from one place to another, there is always a risk that somebody is listening. This is especially a concern when data is being moved in the Internet.

 

To resolve this concern, QPR Metrics provides built-in security to some extent and allows many 3rd party security middlewares to take care of it.

 

 

Socket Connections

 

As illustrated in the image above, there are socket connections between the QPR Metrics Server and the QPR Metrics client as well as between the QPR Metrics Server and the QPR Web Application Server. Both of these connections are often made over an intranet and therefore are not a major concern. However, to provide superior data security, QPR Metrics has a built-in data encryption / authentication mechanism for these two connections, as intranet is not required for transferring data between clients and the server. Encryption mechanism is based on Microsoft Crypto Library.

 

 

HTTP Connections

 

The QPR Metrics Web Client uses only the standard hypertext transfer protocol to transfer data to and from the Web Application Server. It is recommended to use a web server provided security layer like SSL in these connections. Also web server vendor-specific authentication methods can be used to provide even better security.