You are here

Security

Protection of traffic

The client and the MeetingSphere server communicate through an encrypted (https) connection. Should a device connect via TCP 80 http, that connection is immediately redirected to port TCP 443 (https). Login can only occur via the secure https connection.

MeetingSphere defaults to 256-bit encryption and does not support connections under the compromised legacy SSL 3 protocol.

Protection against malicious code

MeetingSphere affords several layers of protection against malicious code. These include:

  • Validation of user entries
    All content entered by users is validated in such a way that no active script elements can be injected into the application. This prevents attacks such as "cross site scripting" or "DOM injection".

  • HTML commands
    MeetingSphere will not execute HTML com­mands or script entered in the text. Rather, if it finds a text string that typically represents an HTTP resource or email address it provides its own predefined function call to make that link executable by click.
  • Protection at database level
    All access to the database layer is restricted to prepared queries. Users cannot formulate and execute potentially abusive SQL queries anywhere in the program.

  • Virus scanning
    All files are scanned for malicious code on upload to the server, periodically thereafter and on access using the latest signatures and heuristics.

Privacy - Confidentiality

MeetingSphere protects the privacy and confidentiality of meetings. The content of meetings may only be accessed by

  • Participants
    while the meeting is open. Access is limited to workspaces opened by the Leader.

  • The Leader
    who owns the session.

Data maintenance. MeetingSphere assists Leaders in protecting confidentiality by closing meetings which are beyond their end date automatically and deleting them after an extended period of time. Leaders can adjust the schedule for data maintenance and clearing to suit their needs.