The security and privacy features of the Beamreactor web engine

Security in Beamreactor

Security is a pervasive aspect of our web engine. At all times, every aspect of a visitor's details is compared and checked, to prevent several common attacks such as:

  • Repetition (replay) attacks. The most critical communications of BR are time-limited: a transaction is only valid for a particular amount of time. For other critical communications, a token system has been implemented that allows one ticket for one unique transaction. Private communication is mostly encrypted, as you can check in the 'Privacy' part of this page.
  • SQL injection. A common way to abuse a website is to try to fool the database by providing it with wrong or misleading content. That's why the data on every connection to the database is cleaned up prior to any transaction.
  • Multiple-way data control. Because one cannot necessarily trust a browser or a web host, every aspect of the data stored in someone's browser (whenever supported) or on the server is checked against abuse.
  • HTML injection. Users can be witty. Forcing HTML into your chat systems or forums could totally ruin your website's appearance, if not deface it. That's why we have a strict policy on allowing HTML: users may not insert HTML. On the other hand, you can freely use HTML from within your systems, as Beamreactor features full support for HTML 4.0+.
  • URL abuses
  • Forced redirections
  • Unsolicited spam, thanks to strict control of the data posted within critical user-available plugins. You can determine the policy there: no links, internal links only, or each and every link allowed, with or without a warning page when leaving your web structure.
  • Honeypots
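
The two defences named under repetition attacks (a validity window and a one-ticket-per-transaction token) can be combined in a single signed ticket. The sketch below is an added example, not Beamreactor's own code; the names `issue_token`, `redeem_token`, `SECRET_KEY` and `TOKEN_LIFETIME`, the HMAC-SHA256 construction and the in-memory, single-process store are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment server secret
TOKEN_LIFETIME = 300                  # assumption: validity window, in seconds
_spent = {}                           # nonce -> expiry of tickets already redeemed


def _sign(action, nonce, expires):
    # JSON encoding keeps the three fields unambiguous inside the MAC input.
    msg = json.dumps([action, nonce, expires]).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(action, now=None):
    """Return a ticket bound to one action, valid for TOKEN_LIFETIME seconds."""
    now = time.time() if now is None else now
    expires = int(now) + TOKEN_LIFETIME
    nonce = secrets.token_hex(16)
    return f"{nonce}.{expires}.{_sign(action, nonce, expires)}"


def redeem_token(token, action, now=None):
    """Accept a ticket once: authentic, inside its window, never seen before."""
    now = time.time() if now is None else now
    try:
        nonce, expires_s, sig = token.split(".")
        expires = int(expires_s)
        sig_bytes = sig.encode()
    except ValueError:
        return False  # malformed ticket
    expected = _sign(action, nonce, expires)
    if not hmac.compare_digest(sig_bytes, expected.encode()):
        return False  # forged, altered, or issued for another action
    if now > expires:
        return False  # time limit exceeded
    # Forget spent tickets that have expired anyway, so the store stays bounded.
    for old in [n for n, e in _spent.items() if e < now]:
        del _spent[old]
    if nonce in _spent:
        return False  # repetition of an already used ticket
    _spent[nonce] = expires
    return True
```

Because the expiry is covered by the signature, a spent ticket only has to be remembered until its window closes; a multi-process deployment would need a shared store with an atomic check-and-set in place of the dictionary.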

Privacy and Beamreactor

  • Cookies. Simple: there aren't any except for the shop, and only for the duration of a customer's visit, plus a session cookie that is only active while a user visits your website. No tracking cookie or dirty hack that would unnecessarily trigger your visitors' anti-spyware software has been implemented.
  • Passwords aren't just stored as MD5 (fortunately). Our password storage is a very complex mix of encryption and hashing. Nobody but you (and your ISP/network administrator, through sniffing on unsafe connections) can steal your passwords.
  • Your data online is both precious and dangerous. For privacy reasons, lasting storage of data relating to your users can be forbidden in many countries, or at least subject to authorization. That is why only IPs are stored from visitors, and whilst the user nickname can be seen in real time when a user visits your website (along with non-critical transactions), the traces left after the visit are kept IP-related. This is to abide by most jurisdictions worldwide, and mostly for statistics purposes, apart from the posts or commercial transactions the user may have made.