The security of BioCoRE data is of paramount importance to the BioCoRE development team.
A number of steps have been taken in the design of the BioCoRE program
infrastructure to ensure that user data is held private and
- Connections between the user's browser and the BioCoRE servers default to being https.
- All passwords are encrypted using Unix crypt, a one-way hash encryption scheme that cannot easily be reversed. If a user forgets their password, they must log in to BioCoRE and request a new password which will then be generated and emailed to the email address originally given by the user.
- BioCoRE users cannot see what is going on in any private projects other than the ones for which they are registered.
- The lead user, or primary investigator (PI), is the only person empowered to add users to private projects. The PI must know the username of those persons to be added to a private project, and there is no public listing of users and usernames.
- Cookies: To use the collaboratory, BioCoRE does store a temporary cookie on the user's machine. However, this cookie contains only a single integer - no personal or password information is stored - and is deleted when the user's browser is closed. Persistent cookies will be used to store whether or not the user wishes to use Web Start for the Control Panel, and the location of VMD on the system.
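
The cookie rules in the last item can be checked mechanically against the `Set-Cookie` headers a server sends. The following is an added example, not BioCoRE code; the cookie names `biocore_session`, `use_webstart` and `vmd_path` are assumptions, since the page does not give the real names, and the sample headers are constructed.

```python
from http.cookies import SimpleCookie

# Hypothetical cookie names: the page does not give BioCoRE's real ones.
SESSION_COOKIE = "biocore_session"
PREFERENCE_COOKIES = {"use_webstart", "vmd_path"}


def audit_set_cookie(header_value):
    """Check one Set-Cookie header value against the cookie rules above.

    Returns a list of findings; an empty list means the cookie conforms.
    """
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        # A cookie without Expires or Max-Age is dropped when the browser closes.
        persistent = bool(morsel["expires"] or morsel["max-age"])
        if name == SESSION_COOKIE:
            # The temporary cookie may carry a single integer and nothing else.
            if not (morsel.value.isascii() and morsel.value.isdigit()):
                findings.append(f"{name}: value is not a single integer")
            if persistent:
                findings.append(f"{name}: outlives the browser session")
        elif name not in PREFERENCE_COOKIES:
            findings.append(f"{name}: not a cookie the policy describes")
    return findings


# Constructed sample headers, not captured from a BioCoRE server.
SAMPLES = [
    "biocore_session=48213; Path=/; Secure",
    "biocore_session=48213-alice; Path=/",
    "biocore_session=48213; Max-Age=3600; Path=/",
    "use_webstart=1; Max-Age=31536000; Path=/",
    "vmd_path=/usr/local/bin/vmd; Max-Age=31536000; Path=/",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", audit_set_cookie(header) or "ok")
```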