4.9.6 Other security aspects
This document only discussed authorization of operations on documents for legitimate users. Other aspects of security include:
- authentication: see
- audit logging: since Daisy generates JMS events for all (write) operations happening on the repository, you could get a full audit log by logging all these events. The content of these events are XML descriptions of the changes (usually an XML dump of the entity before and after modification)
- physical protection of the data: if someone can access the filesystem on which the parts are stored, or the relational database, they can see and/or modify anything
- integrity: hasn't anyone been altering the data before delivery to the user. Here the use of https can help.