Any third-party library used for developing the frontend part is referenced with HTTPS (even if not directly related to data).
ReactJS is developed by Facebook community; this guarantees that the library is frequently updated to the best and latest security standards. Even when crucial part of application security resides on the backend, many security issues are in fact prevented on the frontend by ReactJS by default (e.g. XSS attacks or Script Injections).
AdonisJs provides high level security standards to build backend API. Below list details security features enabled on configuration:
- CORS (Cross-Origin Resource Sharing): Cross domain attacks are prevented on backend side restricting access from unknown domains. All such IPs are blocked.
- CSRF protection (Cross-Site Request Forgery (CSRF)): CSRF attacks protection permits to prevent that an unknown user can perform actions on behalf of another user without their knowledge or permission. AdonisJs backend protects from CSFR attacks by denying unidentified requests. HTTP API requests have been protected to make sure that only the right people from the right place invoke these requests.
- Malware protection: AdonisJs also automatically prevents other common malware attacks like XSS, Content-type Sniffing, Script Injection and other.
All stored user passwords in the database are hashed. Decryption is done by AdonisJs and there is no option to retrieve them or perform any kind of general attack.
AdonisJs uses Bcrypt standard, which is considered one of best for password encryption.
1.7 Data retention
To avoid a scenario in which all chart visualisations and extension-related parameters are lost when Tableau workbook file is closed, the data retention feature was added. In this case, Tableau settings are used to store all parameters and variables needed, which gives the possibility to reload them once Tableau dashboard(s) with extension is / are opened again. This allows to see the same chart rendered as user was presented with before closing Tableau workbook.
Authentication tokens are also saved in Tableau to avoid users having to re-login every time. Both above features happen on Tableau side only.