Secure by default

Designed from the ground up with security front and center

Secure Access

Out of the box, DADI access passwords are encrypted, salted and repeatedly hashed.

Industry standard authentication practices are fully supported, including SSL and 2-factor authentication.

Granular User Access Control

DADI provides administrators with complete control over who can see and who can modify every part of a product. DADI operates based on a system of extensible user roles and access permissions.

Administrators can create user roles and give them specific, limited permissions. For example, your editorial interfaces might need an author role that can create and update content, but not publish or delete it (permissions reserved for the editor role), while administrative settings are reserved for a separate role entirely. Authenticated users can be assigned any number of roles, and their permissions are cumulative. Menu links and features are automatically hidden from users who do not have appropriate access.
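The role model described above, as an added example that is not DADI code: the role names follow the paragraph, while the permission strings, menu entries, users and function names are assumptions made for illustration. It also repeats the permission check in the request handler, because a hidden menu link does not by itself block a direct request.

```javascript
// Hypothetical role table (not DADI's API). A Map is used so that role names
// such as "__proto__" or "constructor" resolve to nothing instead of
// reaching Object.prototype.
const ROLES = new Map([
  ['author', ['content:create', 'content:update']],
  ['editor', ['content:publish', 'content:delete']],
  ['admin', ['settings:manage']],
]);

// Permissions are cumulative: the union of every role assigned to the user.
// Unknown roles contribute nothing, so access is denied by default.
function effectivePermissions(user) {
  const perms = new Set();
  for (const role of user.roles || []) {
    for (const p of ROLES.get(role) || []) perms.add(p);
  }
  return perms;
}

function can(user, permission) {
  return effectivePermissions(user).has(permission);
}

// Constructed menu: each entry names the permission it needs.
const MENU = [
  { label: 'New article', requires: 'content:create' },
  { label: 'Publish queue', requires: 'content:publish' },
  { label: 'Settings', requires: 'settings:manage' },
];

// Presentation layer: links the user cannot use are not rendered.
function visibleMenu(user) {
  return MENU.filter((item) => can(user, item.requires)).map((item) => item.label);
}

// Enforcement layer: the same check runs again when the action is requested.
function perform(user, permission) {
  if (!can(user, permission)) return { status: 403, permission };
  return { status: 200, permission };
}

// Constructed sample users.
const alice = { name: 'alice', roles: ['author'] };
const bob = { name: 'bob', roles: ['author', 'editor'] };

console.log(visibleMenu(alice), perform(alice, 'content:publish').status);
console.log(visibleMenu(bob), perform(bob, 'content:publish').status);
```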

Data Encryption

In high security applications, DADI can be configured for extremely strong data encryption.

When whole-database encryption is not desired, very high granularity is available to protect more specific information: user accounts, specific forms, and even the values of specific fields can be encrypted. The encryption system can be configured to meet the strictest PCI and HIPAA requirements and state privacy laws, including offsite encryption key management.

Preventing XSS, CSRF, and other malicious data entry

DADI’s Events layer ensures that data is validated and scrubbed before entry into your data layer. The system tests all given data to ensure that it matches prescribed, expected formats and values.

Tokens are injected into front-end forms as they are generated, to protect against potential CSRF attacks.

The complete separation of concerns within DADI enables every layer of your platform (your API, templating system, editorial interfaces, tracking tools, etc.) to perform the security checks appropriate to its own concerns independently.

Brute Force Detection

DADI protects against brute-force password attacks by limiting the number of login attempts from a single IP address and username over a predefined period of time.

Mitigating Denial of Service (DoS) Attacks

DADI supports comprehensive caching in every layer of your platform. Shared caching support via Redis, local caching and client caching approaches are all available as part of the core application set.

This multi-layered cache architecture is extremely resistant to high volumes of traffic, and makes DADI the system of choice for some of the world’s highest-traffic properties.