Answers to Common Security Questions
- Posted by CurtD
- On July 31, 2014
- 0 Comments
We get asked a lot of questions, we’ve gathered them together to make it easier for you. This page is regularly updated, so be sure to check back for our latest updates.
- Who has access to our data?
By default, Oversing creates an account in each database and grants access to Reality by Chanting Support Personnel. These personnel cannot access your application if you revoke that permission, or disable their account. But, support personnel often cannot help you without that permission. If support requests are escalated to our developers, they too may access your application, as long as you do not revoke Reality by Chanting’s permissions. The hosting team can access your database for maintenance purposes. The developers cannot access your database without permission of the hosting team. However they may need access to diagnose a support issue.
- Is our data encrypted?
Reality by Chanting uses TLS to protect information while in transit across the Internet. We have implemented TLS1.2 and Perfect Forward Secrecy (PFS) to further support data protection. Almost all information in the database is not encrypted.
- Is TLS always used?
Yes, all Oversing’s systems only use TLS, along with PFS, for communication. In line with Industry standards, we have removed support for SSL 3.
- How are our passwords stored?
Passwords are cryptographically hashed in Oversing – and for security reasons we do not disclose the algorithm.