How Is transactional data secured?
Security issues involve controlling who has access to what data, how much they can see, and what they can do with it.
- User access control
- Single sign on
- Data encryption
User access control
Through an access control mechanism of user group permissions, logins, and order modification permissions, the application provides security measures for multiple levels of customer service and administrative organizations.
APIs control access to different areas of system functionality. It is the responsibility of the
caller to ensure that the invoking user has access rights for the function being invoked. The
application provides security manager APIs to help in this effort. See the
com.yantra.api.ycp.security package in the Javadoc information.
Single sign on
If a single sign on mechanism is required within the application, implement the interface com.yantra.ycp.japi.util.YCPSSOManager, which has a getUserData() function that returns a String(UserId). For more detailed information, see Javadoc information.
Encryption ensures that sensitive data is not viewed by unauthorized people. The application provides APIs that enable you to encrypt data such as user names, passwords, and credit card numbers.
In addition, encryption and decryption is only applied after it has been specified within the Applications Manager. For example, only user exits that have been passed credit card information can access decrypted credit card numbers.