Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Hosting

If you are a SaaS client, your TaskFlow instance is hosted at Hetzner's main data centre in Johannesburg with a standby instance at Hetzner's data centre in Cape Town. Hetzner's data centres are all equipped with CCTV cameras and access is granted to Hetzner employees via biometric access.

We also accommodate clients who want to host TaskFlow on premises, in which case it is the client's responsibility to provide us with a server. On premises clients have the responsibility to restrict access to the server and are also responsible for making backups and storing the backups securely.

Backups / Disaster Recovery

We keep 7 days full backups for each TaskFlow instance hosted on our servers. Backups are replicated (via a secure channel) between data centres as well as to a physical location outside of Hetzner's data centre. Backups are made at 00:00 every day.

In addition to daily backups, all databases are replicated in real time to a slave server. Databases hosted in Hetzner's Johannesburg data centre are replicated to a slave server located in Hetzner's Cape Town data centre and vice versa.

Hardware failure:

  • All of our servers' hard drives run in a RAID 1 configuration. In case a server fails completely due to hardware issues, we will be able to spin up all of the clients on the counterpart slave server within 4 hours.

Disaster recovery:

  • RPO (Recovery Point Objective): Clients will never lose more than 24 hours worth of data. This will only happen when we are unable to restore a slave server and have to restore your TaskFlow instance from the previous days' backup.
  • RTO (Recover Time Objective): Clients will be offline for a maximum of 4 hours in case an entire data centre becomes unavailable.

Daily backups are constantly monitored. We also monitor real time database replication. Emails are automatically sent to system administrators when crucial events occur.

Database security

Your database is only accessible via your TaskFlow URL (e.g. demo.taskflow.co.za). Although all clients' databases run on one cluster there is no data sharing between clients' databases what so ever. Your database is replicated over a secure connection using key pair authentication.

We give direct database access (read-only) to clients who wish to mine their data with BI tools. Please send an email to support@taskflow.co.za to request this.

Password security

Login details are hashed using industry standard hashing techniques. Not even TaskFlow staff has access to your passwords. In the event that a client loses their password, the only option is to send password reset instructions. When logging into TaskFlow, if you're a SaaS client, your data is always transmitted via HTTPS. You can verify this from within the browser by making sure that a "lock" icon is present.

Employee access

TaskFlow employees have access to the administrator account on your TaskFlow instance. We may log on from time to time in order to assist with support requests. We use our discretion to only access data that relates to the support request.

System security

Only a select few TaskFlow engineers have access to the server clusters. The only means of logging in is using secure key pair authentication via SSH. We only allow TaskFlow engineers access to the server clusters from our office's location (i.e. no access is granted to any IP address other than our static IP at our office).

We use a hardened Linux distribution as our operating system and have configured our firewall to only allow access on certain ports. Our servers are also resilient against DDoS attacks.

Software security

TaskFlow as a framework is designed in such a way that it prevents all of the most common types of attacks:

  • SQL injections are impossible since the ORM ensures that no piece of code can manually execute SQL statements
  • The framework's templating engine ensures that XSS attacks are impossible by using various techniques such as escaping all data that is rendered
  • RPC calls do not have access to private methods in the framework
  • The login page is rendered with a CSRF token which makes Cross Site Request Forgery impossible
  • All code evaluations are done in a sandboxed environment making RFI attacks impossible

Software updates

All code changes made to the TaskFlow framework is evaluated and reviewed by TaskFlow engineers before it is deployed to our clients.

  • No labels