Route Sales Manager
System design
This system is built on Google's cloud services as follows, and is robust against external attacks.
- Business logic runs on a server on Google Cloud
- ID registration and login authentication uses Firebase Authentication provided by Google
- Data such as the customer list and visit schedule is stored in Firestore Database provided by Google
- Subscription purchases are managed on Google Play Store
- Users access this system from an Android device, PC, iPhone, etc.
Login ID
Login ID is managed by Firebase Authentication. Industry-standard technology is used, and it is a highly reliable mechanism.
- This system uses Google's Firebase Authentication to support access from multiple devices.
- When a new ID is registered or a password is reissued, the confirmation email function of Firebase Authentication is used to check that you are a legitimate user.
- If the login is successful, the idToken information issued by Firebase Authentication is stored as a cookie on the terminal (the password is not stored). The user is logged in automatically while this cookie is valid (7 days).
- If you are using multiple devices such as PCs, smartphones, tablets, etc., logging in to one device will force the other devices to log out.
Database
The database is operated in a configuration with a very low risk of information leakage.
- The entire database is operated by Google, and the security of the core part of the database is protected by Google.
- The Route Sales Manager dedicated area (Firebase project) in the Firestore Database is set to deny all reads and writes from mobile and web clients. Only authenticated application servers can access the area dedicated to Route Sales Manager. External access is not possible because a private key that can only be created by the Firebase project administrator must be installed to authenticate the server.
- In the area dedicated to Route Sales Manager (Firebase project), a dedicated partition (collection) is created for each workspace. Data for each workspace is stored in separate areas, so it is not mixed with data from other workspaces.
- The workspace key is recorded in Firebase Authentication as an attribute of your ID. The business logic of this system acquires the workspace key from the attribute of the ID during login and accesses the database. Route Sales Manager users cannot get information about other workspaces because they cannot know the workspace keys of other companies. The workspace key that the system holds internally is a 20-digit random character string (mixed case alphanumeric characters) generated by the Firestore Database.
- The business logic related to database access in this system is invoked as CGI. Since the CGI logic cannot be seen from the user terminal, the risk of it being analyzed or tampered with is kept low.
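The workspace scoping described above, as an added example (not Route Sales Manager's own code): the server takes the workspace key only from the claims of an already verified ID token and builds the Firestore path from it, rejecting any request that names a different workspace. The claim name `workspace`, the path layout and the subcollection names are assumptions.

```python
import re

# Firestore auto-generated IDs: 20 mixed-case alphanumeric characters.
KEY_RE = re.compile(r"[A-Za-z0-9]{20}")
# Document IDs accepted from the client: no "/" so a path cannot be extended.
DOC_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
ALLOWED_KINDS = {"customers", "visits"}  # hypothetical subcollection names
CLAIM = "workspace"                      # hypothetical custom-claim name


class AccessDenied(Exception):
    """Raised when a request cannot be tied to exactly one workspace."""


def workspace_key(claims):
    """Return the workspace key from the claims of a verified ID token.

    In production `claims` would be the dict returned by the Admin SDK's
    verify_id_token(); it is passed in here so the example runs offline.
    """
    key = claims.get(CLAIM)
    if not isinstance(key, str) or not KEY_RE.fullmatch(key):
        raise AccessDenied("missing or malformed workspace claim")
    return key


def document_path(claims, params):
    """Build the Firestore path for a request, scoped to the caller's workspace."""
    key = workspace_key(claims)
    # The workspace is never taken from the request; a client-supplied value
    # that disagrees with the token is treated as a cross-workspace attempt.
    if params.get("workspace", key) != key:
        raise AccessDenied("workspace in request does not match token")
    kind, doc_id = params.get("kind"), params.get("id", "")
    if (kind not in ALLOWED_KINDS or not isinstance(doc_id, str)
            or not DOC_ID_RE.fullmatch(doc_id)):
        raise AccessDenied("invalid document reference")
    return f"workspaces/{key}/{kind}/{doc_id}"  # assumed path layout


# Constructed sample claims and a second, unrelated workspace key.
CLAIMS_A = {"uid": "u1", CLAIM: "aB3dE5gH7jK9mN1pQ3sT"}
OTHER_KEY = "Zz9Yy8Xx7Ww6Vv5Uu4Tt"

if __name__ == "__main__":
    print(document_path(CLAIMS_A, {"kind": "customers", "id": "c-001"}))
```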
Information leakage risk
The risk of information leakage in this system is limited to the following cases.
- When Google itself is attacked by a hacker or the like and is breached
- When the ID and password are leaked because the terminal used by the user is infected with a virus, etc.
- When a Google Account managed by the OLTO and SUTI-cube Project Team is hijacked through an attack by a hacker or the like. In addition, the OLTO and SUTI-cube Project Team has set up two-step verification for the Google Account to raise the level of security.
- When the application server for Route Sales Manager is attacked and compromised. Note that the Route Sales Manager server disables password authentication and limits access to private keys only, so it is protected against all password brute-force attacks.
Backup
Since this system depends completely on Google for the operation of the cloud infrastructure, we do not take backups to deal with hardware failures.