In the current version, Open Lowcode has a level of security sufficient for use on an intranet for non-confidential information. In particular, one weakness is the hardcoded encryption key on the client and server used to transport passwords.

Ongoing – target release June 2020 – 120 hours

This feature will add the following mechanisms:

  • Implement SSL or equivalent between the client and server. It is expected that the server and the client can generate private/public key pairs of adequate strength and exchange them as part of the first handshake to secure transmission.
  • There should be a way to encrypt all information and, if a significant performance penalty is incurred, to encrypt only passwords. This should be a server setting.
  • A mechanism should be implemented for second-factor authentication, either through a token or by retrieving and checking single sign-on information from the client workstation operating system.
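
As an added illustration of the first bullet (not Open Lowcode code), the sketch below replaces a key compiled into both binaries with per-session EC key pairs, an ECDH exchange in the first handshake, and AES-GCM protection of the password. The class name, the sample password and the SHA-256 key derivation are assumptions made for the example. The exchange shown is unauthenticated, so a deployment still needs the server's identity verified, which is what certificates provide in SSL/TLS.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

public class HandshakeSketch { // hypothetical class name
    // Derive a 256-bit AES key from our private key and the peer's encoded public key.
    static SecretKeySpec sessionKey(PrivateKey own, byte[] peerPublic) throws GeneralSecurityException {
        PublicKey peer = KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(peerPublic));
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(own);
        ka.doPhase(peer, true);
        // Simplified derivation (assumption): hash the raw shared secret into a key.
        byte[] key = MessageDigest.getInstance("SHA-256").digest(ka.generateSecret());
        return new SecretKeySpec(key, "AES");
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256); // NIST P-256
        KeyPair client = gen.generateKeyPair(); // generated per session, never shipped in the binary
        KeyPair server = gen.generateKeyPair();

        // First handshake: only the encoded public keys cross the wire.
        byte[] clientPub = client.getPublic().getEncoded();
        byte[] serverPub = server.getPublic().getEncoded();
        SecretKeySpec clientKey = sessionKey(client.getPrivate(), serverPub);
        SecretKeySpec serverKey = sessionKey(server.getPrivate(), clientPub);

        // Client encrypts the (constructed) password with AES-GCM under a fresh random nonce.
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, clientKey, new GCMParameterSpec(128, nonce));
        byte[] wire = enc.doFinal("constructed-sample-password".getBytes(StandardCharsets.UTF_8));

        // Server decrypts with the key it derived independently; GCM rejects tampered data.
        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, serverKey, new GCMParameterSpec(128, nonce));
        String received = new String(dec.doFinal(wire), StandardCharsets.UTF_8);
        System.out.println("keys match: " + Arrays.equals(clientKey.getEncoded(), serverKey.getEncoded()));
        System.out.println("server received: " + received);
    }
}
```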

Let’s discuss this feature on Reddit.