As a System Administrator, what permission levels can I set for a non-administrator User on a specific Environment?
The permission levels that we can set for a non-administrator User on a specific Environment are:
- Read Allow / Read Deny
- Show Latest Allow / Show Latest Deny
- Write Allow / Write Deny
- Write Delete Allow / Write Delete Deny
- Full Control Allow / Full Control Deny
- Environment Admin
Note that a DENY permission overrides the ALLOW permission levels.
In the System Administrator portal, we can set this up either using the ENVIRONMENT tab or USERS tab.
User Credentials: are they transmitted in plain text or in encrypted form?
From a user's browser to the server, the password is sent via the POST method as plaintext inside the HTTPS-encrypted connection, which is standard practice. From server to database, however, it is not transmitted or stored in plain text.
We strongly recommend integrating the EPC Application with the Client's User and Access Management. Once this is done, there is no need to create Users in the EPC Application.
Can an adversary fingerprint the web server from the HTTP responses?
The HTTP Response does not contain the version details of the server, and the X-Powered-By header is removed. We have made some changes since v12.1 in this regard too. Now, it is more secure than ever to use the EPC Application.
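One way to check a deployment for the header disclosures described above, as an added example that is not part of the EPC Application or its documentation. The two sample responses and the product names in them are constructed, and the check goes slightly beyond the page by also flagging the X-AspNet-Version and X-AspNetMvc-Version headers.

```python
import re

# Headers whose mere presence discloses the technology stack.
DISCLOSING_HEADERS = {"x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
# A product token followed by a version number, e.g. "name/2.4.1" or "name 2.4".
VERSION_TOKEN = re.compile(r"[A-Za-z][\w.-]*[/ ]v?\d+(?:\.\d+)*")

# Constructed sample responses (not captured from any real server).
LEAKY = ("HTTP/1.1 200 OK\r\n"
         "Server: ExampleServer/2.4.1\r\n"
         "X-Powered-By: ExampleFramework/3.2\r\n"
         "Content-Type: text/html\r\n\r\n<html></html>")
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Server: ExampleServer\r\n"
            "Content-Type: text/plain\r\n\r\n"
            "X-Powered-By: mentioned in the body only\r\n")


def parse_headers(raw_response):
    """Return (name, value) pairs from the header block of a raw HTTP response."""
    # Only the text before the first blank line is the header block.
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip(), value.strip()))
    return pairs


def fingerprint_findings(raw_response):
    """List the header-based disclosures present in one response."""
    findings = []
    for name, value in parse_headers(raw_response):
        lname = name.lower()
        if lname in DISCLOSING_HEADERS:
            findings.append(f"{name} header present: {value}")
        elif lname == "server" and VERSION_TOKEN.search(value):
            findings.append(f"Server header carries a version: {value}")
    return findings


if __name__ == "__main__":
    for label, sample in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, fingerprint_findings(sample) or "no disclosure found")
```

Run the same check against error pages and redirects as well as normal pages, since those responses are often generated by a different component.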