Skip to main content

LMS Portals Security Overview

LMS Portals
  • Updated

We take platform and data security seriously to ensure that your portals and client data remain safe. Below is a clear and easy-to-understand overview of the security measures implemented on the LMS Portals platform.

1. Database Security

We have designed LMS Portals with robust database security to protect sensitive data.

1.1 Dedicated Databases

  • Each new portal gets its own dedicated database.
  • Benefits:
    • Faster troubleshooting and debugging in live environments
    • Improved performance and speed
    • Reduces the risk of a system-wide breach

1.2 Database Credentials

  • Each database uses its own secure credentials.
  • Passwords are stored in encrypted format, never in plain text.

1.3 Indexing

  • Key database columns are indexed to ensure faster query execution and optimized performance.

1.4 Cascading / Constraints

  • Cascading relationships between tables ensure:
    • Child records are removed when related parent records are deleted
    • Prevents accidental or malicious deletion of key records
    • Reduces risk of data scraping or front-end errors

1.5 Minimized Database Value

  • We only store necessary data.
  • Unneeded or expired data is securely deleted.
  • Long-term compliance data may be moved to offline secure storage.

1.6 Strong Passwords

  • User passwords must include:
    • Minimum 8 characters
    • Uppercase and lowercase letters
    • Numbers and/or special characters
  • Passwords are hashed and encrypted using modern cryptography.

1.7 Daily Backups

  • Databases are backed up daily.
  • Backups protect against data loss from hardware failure, hacking, or natural disasters.

1.8 SQL Injection Prevention

  • LMS Portals uses the CodeIgniter framework and query builders to prevent SQL injection attacks.

1.9 Physical Database Security

  • No direct access to databases.
  • Database credentials are restricted and encrypted.

2. Server and Application Security

We also protect the servers and applications that host your data.

2.1 Server Hardening

  • Fail2ban is installed to block repeated failed access attempts (3 strikes rule).
  • SSH access requires a private security key and passphrase.

2.2 Secure Storage of Sensitive Data

  • No sensitive data (passwords, keys) is stored in plain text or source code.
  • All API keys, client IDs, and passwords are encrypted in the database.

2.3 Directory and File Security

  • Directory listing is disabled to prevent unauthorized browsing.
  • .htaccess files are added to protect uploaded files.

2.4 Secured Admin Access

  • Direct access to phpMyAdmin is blocked.
  • Only approved IP addresses can access the database tools.
  • Unauthorized attempts are redirected to a forbidden page.

2.5 Encryption Standards

  • LMS Portals uses SHA512 hashing for passwords.
  • Sensitive data is encrypted using a proprietary encryption/decryption process.

3. Key Security Takeaways for Partners

  • Each portal’s data is isolated and encrypted.
  • Strong password policies and modern cryptography protect user accounts.
  • Servers are hardened against unauthorized access.
  • Regular backups and indexing ensure reliability and performance.
  • Sensitive data is never stored in plain text.

Comments

0 comments

Article is closed for comments.

Powered by Zendesk