SuperMap GIS system security

Basic approach

Generally, the security of the system should include three aspects:

The system's own robustness and reliability, that is, the fault-tolerant resilience, including the exception handling when some wrong operations and fault data occur, the capability to continue to work when hardware problems occur.

The system should have a perfect authority control system to protect the system will not be damaged intentionally or unintentionally.

The system should guarantee data security and consistency in the concurrent and interactive operation environment.

For a GIS service system, the following aspects should be secured:

Service management, that is, control the permissions for publishing, modifying, and deleting services through the administrator.

The communication between users and the GIS server, that is, encrypt the communication contents.

Service access, that is, control which user can access which service.

All the managing operations of services, that is, record them on the log.

Security mechanism

For the entire GIS system security considerations, the four products, iServer, iPortal, iEdge, iManager use mutually compatible universal security scheme to guarantee the security of GIS sytem, GIS data, GIS services. It includes:

It means to protect the system from physical attacks and malicious network's damage by physical security, software upgrades, virus protection and regular backup measures . To protect the software and hardware through the existing security architecture, for instance, block malicious Internet users to access the local network through firewall. Besides, preventing malicious interception of user name and password by encrypting communication via HTTPS, encrypting data via SSL.

It uses encryption to secure the 2D and 3D cache data .

It uses encrypting 3D data before publishing 3D services to ensure the secure access and data reusability after publishing.

It provides administrator account to ensure only the administrator can perform publishing, modification, and deletion operations.

And it records all the managing operations of services on logs.

iServer WebManager provides security module to allow users to implement the access control on services through user identity authentication and authorization.

It supports CAS single sign-on, third-party user systems such as LDAP, OAuth 2.0 protocol, third-party security framework.

Note: The completion date of this documentation is 2024-11-25. If the previous documentation (including electronic documentation and printed documentation) does not conform to this documentation, please refer to this documentation. If updated, the updated documentation will prevail.