1. Site Access - The secure site cannot even be seen by persons or organisations who are not subscribed to the system. This is achieved using Secure Socket Layer (SSL) technology combined with an issued client certificate.

2. SSL - Secure Socket Layer is a technical term for something which anyone who runs a bank account on the Internet or who has purchased anything online has already used, perhaps without knowing. A web site using SSL is protected inasmuch as all data transferred between the user and the web site is encrypted while it is moving across the Internet in either direction. The fact that a site uses this type of protection can be seen by the presence of a padlock symbol displayed in the web browser used to access the site, together with a web address which starts with 'https' instead of 'http'. The 'www' in the web address is also usually replaced with something else, such as the word 'secure'.

3. Client Certificate - This facet of Taxi Driver Data makes it incredibly secure. All subscribers to the system are required to apply for a security certificate, which is issued to any computer needing access to it; this will always be restricted to a subscriber's work computer. This is a simple procedure, but what it means is that unless the computer trying to access the site can prove (by means of the certificate it holds) that it is allowed access, the site cannot be displayed on the requesting computer. Even people with the right username and password for the site cannot access it unless such a certificate has been issued.

4. MD5 Encryption - The username and password log on is protected by a secondary encryption method called MD5. What this means is that when a user enters his or her username and password and then transmits these to the web site for access, both are instantly changed into an unintelligible string of text looking something like this:
4f6764f7b08bed9f3f04bcd8c750ff31
The effect this has is that this information is doubly encrypted, once by the SSL (see above) and once more by the MD5 algorithm. It's a belt and braces approach, but one which has proved impregnable in other systems using the same technology.

5. Cookies - Once a user is logged on to the system, the site provides a locally controlled environment using a technology called cookies, which then control what the user can and cannot do within the site. The cookies are in effect temporary text files which provide constant information to the site for use in such things as the log files explained below. The cookies themselves are destroyed at the point of the user logging off or, if the user fails to log off properly, the cookies self-destruct a short time later.

Access Log Files - Every page which is accessed during the user's access to the site is logged to a database run within the site. This database is accessible only by the site administrators, but details of a user's site access will be provided on request. The log files record the following details: date and time of page access, the user's unique ID number, the identity of the computer he or she was using, the page he or she looked at, and any question which was asked when the page was accessed, for instance where searches of the database have been made.

Database Permissions - Taxi Driver Data uses Microsoft SQL Server as its database. Using group access permissions within the database, every table or question asked is controlled completely down to the person who is using the database at that time, so if they don't have permission to ask a particular question then access to the data is refused.

Stored Procedures - All data access is carried out using stored procedures. This is a technical term, but what it means is that all questions asked of the database are already pre-compiled and protected against malicious intrusion by third parties, including such threats as injection attacks. No outsider to the system could even get to this level of access of course, but what this provides is protection from within the subscriber's own organisation.
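
The Database Permissions and Stored Procedures entries above, sketched as T-SQL for Microsoft SQL Server. This is an added example, not Taxi Driver Data's own code; the table, role, procedure and user names are hypothetical.

```sql
-- Added illustration. All object names (Drivers, SubscriberStaff,
-- usp_FindDriverByBadge, demo_clerk) are hypothetical, not the site's schema.

CREATE TABLE dbo.Drivers (
    DriverId    INT IDENTITY PRIMARY KEY,
    BadgeNumber NVARCHAR(20)  NOT NULL,
    FullName    NVARCHAR(100) NOT NULL
);
GO

-- Group permission: users receive rights only through membership of this role.
CREATE ROLE SubscriberStaff;
GO

-- The one "question" this group may ask. @BadgeNumber is bound as a typed
-- value, so text containing quotes or SQL keywords is compared as data and
-- is never parsed as part of the statement.
CREATE PROCEDURE dbo.usp_FindDriverByBadge
    @BadgeNumber NVARCHAR(20)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT DriverId, BadgeNumber, FullName
    FROM dbo.Drivers
    WHERE BadgeNumber = @BadgeNumber;
END;
GO

-- The role may execute the procedure but has no direct rights on the table.
-- Ownership chaining (both objects owned by dbo) lets the procedure read it.
GRANT EXECUTE ON OBJECT::dbo.usp_FindDriverByBadge TO SubscriberStaff;
DENY SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.Drivers TO SubscriberStaff;
GO

-- Verification as a constructed role member.
CREATE USER demo_clerk WITHOUT LOGIN;
ALTER ROLE SubscriberStaff ADD MEMBER demo_clerk;
GO

EXECUTE AS USER = 'demo_clerk';
-- Injection-style input matches no badge number: zero rows returned.
EXEC dbo.usp_FindDriverByBadge @BadgeNumber = N''' OR 1=1 --';
-- Direct table access is refused with a SELECT permission error.
SELECT * FROM dbo.Drivers;
REVERT;
```

The protection depends on the procedure taking its input as parameters; a procedure that concatenates input into a string and runs it with EXEC() loses both the injection protection and the ownership chain.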