Security

What is Ground'81 
Ground'81 is a framework developed by Web'81 specifically for hosting web applications. Its current version (the third) stands out for its high performance and low bandwidth consumption. Thanks to Ajax, style sheets and JavaScript libraries are loaded only once per session, so that on each navigation the user loads little more than a snapshot of the requested section.
The framework offers the common functions needed by most systems. By itself it performs no operations of its own: it acts as a manager for modules created ad hoc, simplifying and organizing their work.
When a customized solution has to be developed, relying on a framework is preferable both for efficiency during development and for maintenance, since it allows applications to be kept updated over time with new features.
As far as user profiling is concerned, the framework associates each user with two attributes: a membership structure and a pertinence role.
A structure is a set of users who handle a given body of information; it generally coincides with the offices or branches of a company. Each structure has its own independent set of users and may have underlying structures (substructures), which in turn have their own users and possibly further substructures.

The resulting tree is important not only for organizational purposes but also for functional ones. Every user, regardless of the structure they belong to, has a role. Roles simplify permission control, since they specify both which functions and which data level the various users can access.
The functions depend on the system being implemented and indicate the individual operations an operator can perform; for example, a document management module would have the functions View Document, Add Document, Edit Document and Delete Document. Each role is matched with permissions and functions, which are then attributed to the users who hold that role. Data control, instead, takes place by cross-referencing the user with the structure they belong to, taking into account the parent-child relationships between structures. In practice, access to data is divided into four levels:
• Own data: the user sees only the data assigned to them.
• Own structure: access to all assigned data and to all data assigned to users of their own structure.
• Own structure and underlying structures: access to all assigned data and to all data assigned to users of their own structure or of its underlying structures.
• Complete view: complete access to any data, regardless of its location and of the structure it belongs to.

Returning to the document management example, this classification allows a user to access only their own documents, or those of their colleagues, or those of a controlled branch.

Among the most popular standard modules:
• Authentication: user management module, with related permission management and access tracking.
• Power Forms: a set of tools that implement the standard features of forms.
• Messages: a communication system similar to e-mail that allows messages to be sent to a single user, a group, or one or more structures.
• Communication: asynchronous user-to-user communication system organized as dialogues, whose layout resembles the SMS display of modern smartphones.
• Live Chat: real-time communication with other users connected to the system. Does not work offline.
• Sidebar: a retractable bar that can be configured to contain information of various kinds.
• Documentor: a small document manager that allows files to be shared with groups of users (identified by role and by membership structure).
• Notify: notification management system. Notify shows a timed box in the upper right corner of the browser. It also integrates client-server polling, which allows checks to be triggered by client-side events as well.
• Babel: module for multilingual management of the entire system.

Integration with external libraries
• DataTables: for managing tabular data
• Highcharts: for on-demand generation of charts without Flash or Silverlight
• TCPDF: for generating PDF documents
• PHPMailer: for sending e-mail (including bulk mailings)
• Google Maps: integration with Google Maps services

API Connect
API Connect is a module integrated with the Ground'81 framework that allows data exchange between the platform and the outside world through a REST API. The web service accepts simple HTTP calls through which it is possible to send data insertion or reading instructions, or simply to trigger server-side operations.
Data is exchanged in JSON format.
Authentication
Authentication takes place through two credentials (username and password). The system then generates a token that remains valid until it expires, until one of the parties requests the generation of a new key, or until it is revoked by the administrator.
Depending on the customer's requirements, the system can accept calls from any address or only from the servers listed in an IP whitelist.
Hashing protocol
In order to guarantee a high level of security, and above all to be sure that the data was not altered during transmission, a hash algorithm is used, based on a key known to both parties but never sent over the communication channel.
The best way to explain how it works is to give an example. 
Let's imagine that Alice wants to declare her love to Bob, to do this she decides to send a message to Bob by post. 
So far so good, but James, Alice's ex-boyfriend, is not happy about it and decides to play a trick on his old flame. James pretends to be Bob by tricking the postman, intercepts Alice's message, changes it and then forwards it to poor Bob. 

Bob has no way of spotting the scam, because he has no means of determining whether the message he received really came from Alice. The solution to the problem comes from cryptographic hash functions.
In essence, these functions return a "signature" of a given content; the property that interests us is that if the content changes by even a single character, the returned signature is different. It is not possible to recover the content from the signature, but we are sure that two contents with the same signature are the same.
Let's go back to Bob and Alice. There is one thing that only the two of them know: the name of the song that played at the party where they first met, "Purple Rain". 

Alice then takes her message, adds the name of the song (the "secret") and passes the result through a hash algorithm, obtaining a "signature". She then takes the original message, attaches the signature she obtained and sends it to Bob.
Bob, once he gets the message, extracts the content and temporarily sets the received signature aside.
He then performs the same signing procedure Alice performed, using their shared secret "Purple Rain", and checks whether the signature he obtained matches the one received.
The signatures match, and Bob is sure that the message he received was really written by Alice. But are we really sure this time? What if James tries to change the message again?
This time, although James knows the signing procedure agreed between Alice and Bob perfectly well, he does not know their secret, and since it is never sent by post (the famous insecure channel) he has no way of obtaining it.
In practice, James could try to change the text while leaving the signature untouched, but the hash of the altered text would be different. Bob would then hold a message whose signature differs from the one he computed and would immediately know that the message is not "genuine".

The example, however playful it may be, perfectly conveys the idea of both the functioning and the importance of this device. 


Hash calculation
In our case, the hash is calculated simply by applying the SHA1 algorithm to the string obtained by appending the "secret key" (the "Purple Rain" of the example) to the transmitted "data" field.
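The calculation described above, written out for both ends of the exchange as an added example (this is not the module's own code). It assumes an envelope with a "data" field and a "signature" field, a constructed sample secret, and canonical JSON serialization of the payload so that both sides hash byte-identical text; it also shows what the server sees when the data is altered but the signature is left unchanged, as in the James scenario.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample secret; in practice it is agreed out of band and never transmitted.
SECRET_KEY = "Purple Rain"


def sign(data: str, secret: str) -> str:
    """Signature as the page describes it: SHA1 over the data with the secret appended."""
    return hashlib.sha1((data + secret).encode("utf-8")).hexdigest()


def build_envelope(payload: dict, secret: str) -> str:
    """Client side: serialize the payload canonically, sign it, wrap both in an envelope.

    The {"data": ..., "signature": ...} layout is an assumption of this example;
    only the name of the "data" field comes from the page."""
    data = json.dumps(payload, separators=(",", ":"), sort_keys=True)
    return json.dumps({"data": data, "signature": sign(data, secret)})


def verify_envelope(raw: str, secret: str) -> Optional[dict]:
    """Server side: recompute the signature over the received data and compare.

    Returns the decoded payload, or None if the envelope is malformed or the
    signature does not match (tampered data, or a different secret)."""
    try:
        envelope = json.loads(raw)
        data, received = envelope["data"], envelope["signature"]
    except (ValueError, KeyError, TypeError):
        return None
    if not isinstance(data, str) or not isinstance(received, str):
        return None
    expected = sign(data, secret)
    # Constant-time comparison: a plain == would leak how many leading characters matched.
    if not hmac.compare_digest(expected.encode("ascii"), received.lower().encode("utf-8")):
        return None
    return json.loads(data)


def tamper_data(raw: str, new_payload: dict) -> str:
    """Plays James: swaps the data field but keeps the original signature."""
    envelope = json.loads(raw)
    envelope["data"] = json.dumps(new_payload, separators=(",", ":"), sort_keys=True)
    return json.dumps(envelope)


if __name__ == "__main__":
    sent = build_envelope({"op": "insert", "id": 7}, SECRET_KEY)
    print("genuine  ->", verify_envelope(sent, SECRET_KEY))
    print("tampered ->", verify_envelope(tamper_data(sent, {"op": "insert", "id": 8}), SECRET_KEY))
```

The construction shown is the page's SHA1(data + secret); the standard keyed construction for a new integration is HMAC (Python's `hmac.new`), which the same verify function can switch to without changing the envelope.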


Cloud service
The program is provided as a cloud service accessible through a web platform.
It can be used from any device (desktop or mobile) with web access and a browser compatible with recent HTML standards.
Each user has access through a personal account. The licensing system counts only active accounts, so obsolete users can be disabled while keeping their data.
Data is retained for the duration of the service; on termination, an export may be requested at an hourly rate.
In addition to access to the software system, the fee includes:
• High-availability VM with mirroring
• Dedicated hypervisor server
• Backups
• Disaster recovery
• Server configuration optimized for Web'81 applications
