Has anyone considered using Frappe for developing a Core Banking Portal app for a small-scale Cooperative bank structure? My question is more in terms of security concerns - I see Frappe provides HTTPS, certificates, etc.
Please share your suggestions.
@trupi, any application is secure until anyone is using it!
You need to check what requirements regarding security you are looking for! With a clear requirement, you will get a clear answer!
Like the old saying:
“The only safe computer is one that is turned off and unplugged from the wall”
Oh, sorry - my bad that I was not explicit. To name a few things:
- Secured communication over the network - For this I see we have HTTPS configurations
- Policy-based authorization - for which I see it already has a role-based access system.
What I am not sure about is whether the following kinds of security breaches are avoided in Frappe?
Privilege Escalation - By simply changing certain ‘clear text parameters’ sent from the Internet browser to the server, the attacker reveals the menu items which should be concealed from them and becomes a more powerful user, as well as gaining access to administrative functionality.
SQL-Injection – direct reading of the database - A Standard Query Language (SQL) Injection security vulnerability is used to directly extract data from the database without further authorization. Firstly, the attacker prepares a script code (very short software program) including database statements for later use. The attacker can enter this script code in a data field which is originally a harmless field, such as a search expression or an amount in Euros, etc. Due to insufficient input validation, the injected script code bypasses the authorization mechanisms and extracts valuable data from the database the attacker is interested in.
Running custom server scripts through browser??
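Added example, not part of the thread and not Frappe code: the two breaches described in the post above, shown on one account-search handler next to a hardened version that can be used as a review checklist. It uses Python's built-in `sqlite3`; the table, session store, role names and sample inputs are all constructed assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, holder TEXT);
        INSERT INTO accounts VALUES (1, 'alice', 'Alice Rao'), (2, 'bob', 'Bob Nair');
    """)
    return db

# Hypothetical server-side session store: roles live here, never in the request.
SESSIONS = {
    "sid-alice": {"user": "alice", "roles": {"Member"}},
    "sid-teller": {"user": "teller1", "roles": {"Member", "Teller"}},
}

def search_vulnerable(db, params):
    # Flaw 1: the role is a clear-text request parameter the browser can change.
    # Flaw 2: user input is concatenated into the SQL text.
    scope = "" if params["role"] == "Teller" else f" AND owner = '{params['user']}'"
    sql = f"SELECT id FROM accounts WHERE holder LIKE '%{params['q']}%'{scope}"
    return sorted(row[0] for row in db.execute(sql))

def search_hardened(db, session_id, q):
    # Identity and roles come from the server-side session only.
    session = SESSIONS.get(session_id)
    if session is None:
        raise PermissionError("unknown session")
    # Input travels as bound parameters, so it is always data, never SQL.
    sql, args = "SELECT id FROM accounts WHERE holder LIKE ?", [f"%{q}%"]
    if "Teller" not in session["roles"]:
        sql += " AND owner = ?"
        args.append(session["user"])
    return sorted(row[0] for row in db.execute(sql, args))

if __name__ == "__main__":
    db = make_db()
    injected = "' OR 1=1 --"  # constructed search-field input
    print(search_vulnerable(db, {"user": "alice", "role": "Member", "q": "Rao"}))
    print(search_vulnerable(db, {"user": "alice", "role": "Teller", "q": ""}))
    print(search_vulnerable(db, {"user": "alice", "role": "Member", "q": injected}))
    print(search_hardened(db, "sid-alice", injected))
    print(search_hardened(db, "sid-alice", ""))
```

When reviewing any framework for these two issues, the questions are the same as in the hardened function: where does the server get the caller's role from, and does every query pass user input as a bound parameter.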
I have an interest in developing a banking core app.
I have around 10 years of banking expertise.
I can consult on this.
@Sanath_Udayawansa2 Did you ever embark on the development of the Core Banking App? Has anyone done this?
Please let me know.
Still no one to sponsor…