B-Line Suite Security Solutions-

Cloud Hosting - Terms of Service Agreement -

Customer databases are hosted in the DigitalOcean, LLC with Terms of Service Agreement.

Disaster Recovery -

12 full backups in 01 months: 1/day for 7 days, 1/week for 4 weeks, 1/month.

Users can download manual backups of their live data at any time.

You can contact our Support Team to restore any database backup.

Our Disaster Recovery Plan has the following metrics: Regional Availability Matrix.

Security -
SSL - All web connections to client instances are protected with 256-bit SSL encryption.

Passwords - Customer passwords are protected with industry-standard PBKDF2, SHA512 encryption.

Isolation - Client data stored in a dedicated database and server, no access is possible one to another.

Credit Card Safty -  

We never store credit card information in our system.

Top security issue -

1. Injection Flaws: 
B-Line relies on an object-relational-mapping framework that abstracts query building and prevents SQL injections by default. 

2. Cross Site Scripting (XSS):
The B-Line framework escapes all expressions rendered into views and pages by default, preventing XSS.

3. Cross Site Request Forgery (CSRF): 
The B-Line web engine includes a built-in CSRF protection mechanism. It prevents any HTTP controller to receive a POST request without the corresponding security token.

4. Malicious File Execution: 
B-Line Server does not expose functions to perform remote file inclusion. However it allows privileged users to customize features by adding custom expressions that will be evaluated by the system.

5. Insecure Direct Object Reference: 
B-Line Server access control is not implemented at the user interface level, so there is no risk in exposing references to internal objects in URLs.