Oasis Web-site Privacy Statement
Web Site Security/Infrastructure
The following describes the security measures currently implemented on the websites www.OasisAssistant.com and www.OasisPayroll.com.
Web Server/Firewall Level
Internet clients connect to a dedicated web server placed in a perimeter network (DMZ). From there the web server reaches data inside the trusted network over non-standard ports. Every request from the Internet therefore passes through two separate firewall rule sets: one governing traffic from the Internet into the perimeter network, and one governing traffic from the perimeter network into the trusted network. The non-standard ports are a hardening measure only; the control that actually restricts access to the internal data is the second rule set, which permits only the web server to reach those ports.
Encryption
All traffic between the browser and the web server is encrypted with a 128-bit cipher over SSL, using server certificates issued by Thawte. Secure Sockets Layer (SSL) is a protocol for secure communication over an untrusted network such as the Internet: it provides confidentiality (encryption) and integrity of the data in transit, and it authenticates the server to the browser through the server's digital certificate. The 128-bit figure refers to the symmetric session key negotiated for each connection, not to the key length of the certificate itself.
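As an added example (not the Oasis sites' own code), the following Python uses the standard `ssl` module to do two things a practitioner would want around the statement above: build a client context that refuses anything weaker than 128-bit encryption, and audit which ciphers a given context will accept. `negotiated_cipher()` is the live check against a real host; the host name passed to it is an assumed placeholder and it is the only part that needs the network.

```python
"""Enforce and audit a 128-bit minimum cipher strength with Python's ssl module.

Added example, not code from the Oasis sites. Cipher strength figures
come from OpenSSL via SSLContext.get_ciphers().
"""
import socket
import ssl
from typing import Dict, List, Optional

MIN_BITS = 128  # the strength stated in the security statement


def build_context() -> ssl.SSLContext:
    """Client context: verifies the server certificate against the system
    CA store, allows only TLS 1.2+, and only forward-secret AEAD suites.
    Every suite matched by this cipher string is 128-bit or stronger."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL cipher-string syntax: 'A+B' means suites that are both A and B.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM")
    return ctx


def weak_ciphers(ctx: ssl.SSLContext, min_bits: int = MIN_BITS) -> List[str]:
    """Names of enabled ciphers whose effective key strength is below min_bits.
    An empty list means the context cannot negotiate a weaker session key."""
    return sorted(c["name"] for c in ctx.get_ciphers() if c["strength_bits"] < min_bits)


def cipher_strengths(ctx: ssl.SSLContext) -> Dict[str, int]:
    """Map of enabled cipher name -> strength in bits, for reporting."""
    return {c["name"]: c["strength_bits"] for c in ctx.get_ciphers()}


def negotiated_cipher(host: str, port: int = 443) -> Optional[Dict[str, object]]:
    """Live check (network required): connect with the hardened context and
    report what was actually negotiated. Returns None if the handshake fails,
    which with this context means the server offers nothing acceptable."""
    ctx = build_context()
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                name, _proto, bits = tls.cipher()
                return {
                    "protocol": tls.version(),
                    "cipher": name,
                    "bits": bits,
                    "meets_128_bit": bits >= MIN_BITS,
                }
    except (ssl.SSLError, OSError):
        return None


if __name__ == "__main__":
    ctx = build_context()
    print("weak ciphers in hardened context:", weak_ciphers(ctx))
    for name, bits in cipher_strengths(ctx).items():
        print(f"{name:40s} {bits} bits")
    # Example of the live check; 'www.example.com' is a placeholder host.
    print(negotiated_cipher("www.example.com"))
```

Running the audit against a context that has `set_ciphers("ALL")` shows why the restrictive string matters: depending on the OpenSSL build, `weak_ciphers()` will then list export-grade or 56-bit suites that the hardened context never offers.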
Web Server/Browser Level
- Cookies/Session Variables: No persistent cookies are set on either site. A single server-side session variable supports authentication: it issues the browser a session cookie that contains only an opaque key. The server uses that key to look up the username, password and other sensitive information held in server memory.
- Sensitive Information: No sensitive information is ever stored in a cookie or anywhere else on the browser; the session cookie carries only the opaque key. All authentication and all retrieval of sensitive information happen on the server.
- Object Creation: The objects that handle data transfer and back-end access are created through an IBM product that adds a C-library layer beneath the Java code, so the DTOs (Data Transfer Objects) and DAOs (Data Access Objects) are not plain Java objects. The sites count this non-standard implementation as an additional layer of security; it is a defence-in-depth measure, and authorization is still enforced by the server-side checks described below.
- Minimum Required Software: Internet Explorer 5.x, Firefox 1.x or Netscape 5.x are the minimum browser versions allowed. Browsers must have JavaScript and session cookies enabled. Browsers that do not meet these requirements cannot access either website.
- Timeouts: All sessions automatically time out after 20 minutes of inactivity.
- Pages Secured: Once a user has authenticated, every page on both websites runs a server-side authentication check (implemented with the non-standard object creation described above) before it is served.
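As an added example (not the Oasis sites' code), the Python below implements the session scheme the list above describes end to end: the browser receives a cookie holding only a random opaque key, every sensitive value lives in server memory keyed by that value, a session dies after 20 idle minutes, and every page goes through one server-side check that redirects to login when there is no live session. The cookie name `OASISSID`, the `SessionStore` and `require_login` names, and the login path are assumptions for the illustration.

```python
"""Opaque-key server-side sessions with a 20-minute idle timeout and a
per-page authentication check. Added example; names are hypothetical."""
import secrets
import time
from typing import Any, Dict, Optional, Tuple

IDLE_TIMEOUT = 20 * 60       # 20 minutes of inactivity, as stated in the policy
COOKIE_NAME = "OASISSID"     # assumed cookie name, not the sites' real one
LOGIN_PATH = "/login"        # assumed location of the login page


class SessionStore:
    """In-memory session table: opaque key -> {user, data, last_seen}."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock                       # injectable so timeouts can be tested
        self._sessions: Dict[str, Dict[str, Any]] = {}

    def create(self, username: str, **sensitive: Any) -> str:
        """Start a session after the credentials have been verified elsewhere.
        The browser only ever sees the returned key (256 bits of randomness);
        whatever the later pages need stays in this record on the server."""
        key = secrets.token_urlsafe(32)
        self._sessions[key] = {
            "user": username,
            "data": dict(sensitive),
            "last_seen": self._clock(),
        }
        return key

    def lookup(self, key: Optional[str]) -> Optional[Dict[str, Any]]:
        """Return the record for a live session and refresh its idle timer.
        Returns None (and evicts the record) if the key is unknown or the
        session has been idle longer than IDLE_TIMEOUT."""
        if not key:
            return None
        rec = self._sessions.get(key)
        if rec is None:
            return None
        now = self._clock()
        if now - rec["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[key]
            return None
        rec["last_seen"] = now
        return rec

    def destroy(self, key: str) -> None:
        """Logout: drop the server-side record so the key is useless afterwards."""
        self._sessions.pop(key, None)


def set_cookie_header(key: str) -> str:
    """Session cookie: no Expires/Max-Age, so the browser discards it on close;
    Secure so it only travels over SSL/TLS; HttpOnly so page script cannot read it."""
    return f"Set-Cookie: {COOKIE_NAME}={key}; Path=/; Secure; HttpOnly; SameSite=Lax"


def cookie_value(cookie_header: str) -> Optional[str]:
    """Extract our key from a raw Cookie request header, ignoring other cookies."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == COOKIE_NAME:
            return value or None
    return None


def require_login(store: SessionStore, cookie_header: str) -> Tuple[int, str]:
    """The check every page runs before rendering: (status, body-or-location).
    No live session -> 302 redirect to the login page."""
    rec = store.lookup(cookie_value(cookie_header))
    if rec is None:
        return 302, LOGIN_PATH
    return 200, f"Welcome {rec['user']}"


if __name__ == "__main__":
    store = SessionStore()
    key = store.create("alice", role="payroll-admin")   # constructed sample user
    print(set_cookie_header(key))
    print(require_login(store, f"{COOKIE_NAME}={key}"))   # (200, 'Welcome alice')
    print(require_login(store, "other=1"))                # (302, '/login')
```

Because `lookup()` refreshes `last_seen` on every successful call, a user who keeps working never times out, while a session left alone for more than 20 minutes is evicted on its next use rather than lingering in memory until a sweep runs.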