To use the web interface, the server running CommitCRM is connected directly to the internet. How secure is CommitCRM as far as a hacker might be concerned?

If a company puts all their customer info into commit, that is very valuable data. User names, passwords, ip addresses, access codes. Not to mention customer names, contracts, etc.

Hi,

Thank you for posting this.

The RangerMSP Web Interface fully supports SSL Encryption so there shouldn't be any foreseeable danger of 3rd party eavesdropping on your communication. Furthermore, we suggest that when issuing passwords, you should issue complex passwords that would be difficult to read from a keyboard while someone is typing it. In addition to these points, using NAT (Network Address Translation) is highly recommended in order to obscure the TCP listening port that the RangerMSP Web Interface uses. Limiting unneeded privileges is a sound suggestion that could prevent long term damage to the system, in the event that employee credentials fall into unauthorized hands, so if somebody gains malicious access to the system, that person would have limited access, at best.

It is important to mention that most web services such as Google, MSN Live, SalesForce, etc. are also secured by the same level of SSL encryption, and are also accessible using only a username & password, and if a hacker can get those, then all the data in that account would be accessible to him.

I hope this sheds sufficient light on the subject.

Reno Breen