Data Transmission Encryption

All application data transmitted to and from the client browser can be encrypted using the web server’s built-in SSL (secure socket layer) encryption.  This standard security ensures that no one can see your data as it passes over the public Internet or over your private intranet and local area networks.  Please review Microsoft IIS web server’s documentation for additional information on how SSL can be configured on the server.

Applications built with Iron Speed Designer are run in conjunction with a standard Microsoft IIS web server, which uses port 80 and 443 to serve pages to application users.  Data collected from an application user is passed through the web server to the application and then to the database, using a standard N-tier architecture.  The N-tier architecture ensures that your database is not connected directly to the application user.

Moreover, Iron Speed Designer does not create any appreciable client-side scripting code that contains data access logic.  All data access code is in the Data Access Layer, so that malicious application users cannot reverse engineer the data access mechanisms.

SSL Encryption and Security Certificates

The issue of SSL and security certificates is orthogonal respect to Iron Speed Designer.  Any application, whether Iron Speed Designer-created or hand-created, or for that matter .NET, Java, or HTML, can be SSL-enabled by simply configuring the web server to support SSL (https) and providing a security certificate.

This link has useful information on configuring SSL (https) for your web server:

See Also

Configuring Your System for Application Security

Configuring Microsoft IIS and IIS Express for Application Security

Configuring IIS Express

Active Directory Role Management

Configuring Microsoft Active Directory

Microsoft Authorization Manager (AzMan) Role Management

Configuring Microsoft Authorization Manager (AzMan)

Microsoft SharePoint Authentication and Authorization

Data Transmission Encryption

Configuring Firewall Security

Handling SQL Injection Attacks