In the current version, Open Lowcode has a level of security sufficient for intranet use with non-confidential information. In particular, one weakness is the hardcoded encryption key, present on both the client and the server, that is used to transport passwords.
Ongoing – target release June 2020 – 120 hours
This feature will add the following mechanisms:
- Implement SSL or equivalent between the client and server. It is expected that the server and the client can generate private/public keys of sufficient strength and exchange them as part of the first handshake to secure transmission.
- There should be a way to encrypt all information and, if this incurs a significant performance penalty, to encrypt only passwords. This should be a server setting.
- A mechanism should be implemented for second-factor authentication, either through a token or by retrieving and checking single sign-on information from the client workstation's operating system.
Let’s discuss this feature on reddit.