How Is transactional data secured?

Security issues involve controlling who has access to what data, how much they can see, and what they can do with it.

The application provides mechanisms that address the following security issues:
  • User access control
  • Single sign on
  • Data encryption

User access control

Through an access control mechanism of user group permissions, logins, and order modification permissions, the application provides security measures for multiple levels of customer service and administrative organizations.

APIs control access to different areas of system functionality. It is the responsibility of the caller to ensure that the invoking user has access rights for the function being invoked. The application provides security manager APIs to help in this effort. See the com.yantra.api.ycp.security package in the Javadoc information.

Single sign on

If a single sign on mechanism is required within the application, implement the interface com.yantra.ycp.japi.util.YCPSSOManager, which has a getUserData() function that returns a String(UserId). For more detailed information, see Javadoc information.

Data encryption

Encryption ensures that sensitive data is not viewed by unauthorized people. The application provides APIs that enable you to encrypt data such as user names, passwords, and credit card numbers.

In addition, encryption and decryption is only applied after it has been specified within the Applications Manager. For example, only user exits that have been passed credit card information can access decrypted credit card numbers.