technical_information

Differences

This shows you the differences between two versions of the page.

technical_information [2018/10/30 11:36] lucytechnical_information [2022/11/25 11:17] (current) lucy
Line 41: Line 41:
 ==== Operating System ==== ==== Operating System ====
  
-Starting from 4.3, LUCY is running on a 64-bit **Debian 9 (Stretch)** system. There are no system patches or hardenings applied - LUCY uses a vanilla Debian distribution without any additions. The system is configured to download updates and new packages from a custom LUCY apt mirror, which has the same IP address, as LUCY license server (make sure it is open on your corporate firewall). The operating system gets updated only when you upgrade LUCY to a new version.+Starting from 4.8.8, LUCY is running on a 64-bit **Ubuntu 20.04 LTS** system. There are no system patches or hardenings applied - LUCY uses a vanilla Ubuntu distribution without any additions. The system is configured to download updates and new packages from a custom LUCY apt mirror, which has the same IP address, as LUCY license server (make sure it is open on your corporate firewall). The operating system gets updated only when you upgrade LUCY to a new version.
  
 ==== Security Settings ==== ==== Security Settings ====
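Review bot: The updated paragraph still says the operating system "gets updated only when you upgrade LUCY to a new version" and that no hardening is applied, so on the new Ubuntu 20.04 LTS base a reader cannot tell how OS security fixes arrive between LUCY releases. Suggest adding a sentence that states whether security updates from the LUCY apt mirror can be installed independently of a LUCY upgrade, and naming the port and protocol that must be open to the mirror rather than only "make sure it is open on your corporate firewall". The comma in "the same IP address, as LUCY license server" can also go.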
Line 64: Line 64:
  
 ==== Database ==== ==== Database ====
-LUCY stores all related data in **PostgreSQL 9.6** RDBMS. All sensitive information stored in there is encrypted as PostgreSQL is available only for internal connections. There are no configurable options for the DB encryption.  The encryption is mandatory for all data and is performed automatically with the following settings:+LUCY stores all related data in **PostgreSQL 11** RDBMS. All sensitive information stored in there is encrypted as PostgreSQL is available only for internal connections. There are no configurable options for the DB encryption.  The encryption is mandatory for all data and is performed automatically with the following settings:
  
   * It’s a column-level encryption performed on both the application and DB layers before storing any data in the database. We don’t use TDE (transparent database encryption), as PostgreSQL doesn’t support it, so we encrypt only a subset of columns in DB – everything that holds client/attack/recipient-related data.    * It’s a column-level encryption performed on both the application and DB layers before storing any data in the database. We don’t use TDE (transparent database encryption), as PostgreSQL doesn’t support it, so we encrypt only a subset of columns in DB – everything that holds client/attack/recipient-related data. 
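Review bot: The changed line keeps "All sensitive information stored in there is encrypted as PostgreSQL is available only for internal connections", which presents network isolation as the reason for encryption although the two are separate controls. Suggest splitting this into one sentence on column-level encryption and one on PostgreSQL accepting only internal connections. The bullet's statement that only a subset of columns is encrypted also sits awkwardly with "The encryption is mandatory for all data" on the changed line; one of the two should be reworded.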
Line 81: Line 81:
   * Framework-level SQL injection prevention   * Framework-level SQL injection prevention
   * Framework-level CSRF prevention   * Framework-level CSRF prevention
-  * Lucy partially conforms to "CIS Debian 8" checklist (50% conformance: we can provide a detailed list of non-conforming items upon request. There are no critical issues in uncovered parts)+  * Lucy partially conforms to "CIS Debian 9" checklist (50% conformance: we can provide a detailed list of non-conforming items upon request. There are no critical issues in uncovered parts)
   * Lucy partially conforms to "CIS PostgreSQL 9.5" checklist (50% conformance: we can provide a detailed list of non-conforming items upon request. There are no critical issues in uncovered parts)   * Lucy partially conforms to "CIS PostgreSQL 9.5" checklist (50% conformance: we can provide a detailed list of non-conforming items upon request. There are no critical issues in uncovered parts)
 +  * PHP 5.6 is being updated using mirrored [[https://deb.sury.org/|repo]], which contains security patches developed by Microsoft. [[https://github.com/microsoft/php-src/blob/PHP-5.6-security-backports/NEWS|Source]] of the patches.
  
 +
 +VPS servers provided by us are having additional layers of protection.
 +More can be found [[vps_hardening|here]].
  
 ==== Folders ==== ==== Folders ====
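Review bot: The checklist bullet now reads "CIS Debian 9", but this same revision changes the operating system to Ubuntu 20.04 LTS, and the unchanged "CIS PostgreSQL 9.5" bullet no longer matches the PostgreSQL 11 stated in the Database section. Suggest naming the benchmarks for the versions actually shipped, or stating explicitly that the 50% figures come from assessments of the older releases. The new PHP 5.6 line says updates come from a "mirrored" repository while the link points at deb.sury.org, so it should say which host the appliance actually pulls from.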
technical_information.1540895789.txt.gz · Last modified: 2019/07/25 12:51 (external edit)