MySource Matrix Evaluations

MySource Matrix has been superseded by Squiz Matrix. This site will remain available for archival purposes only; it is not intended as a current source of Matrix information. For all the latest on Matrix, including documentation and release information, visit the Squiz Matrix site.

Security is provided in MySource Matrix via a combination of permissions, user types and other security features:

Permissions

MySource Matrix allows you to grant read, write or administration permission to users or user groups for a particular site or page.  This affects whether the site or pages are visible within your site, in addition to what functions the user can perform on the site or page in MySource Matrix:

  • Read Permission: if a user has Read permission for a particular Live asset, they are able to view the asset in your site via their browser.  For the asset to be visible to the web-surfing public, you must grant public read access to that asset. Any MySource Matrix user with Read permission can also view the asset in MySource Matrix. 
  • Write Permission: if a MySource Matrix user has Write permission for a particular asset, they are able to view and update the editing screens of the asset in MySource Matrix, excluding changing status, site settings, permissions, and the workflow and metadata schemas. Users with Write permission may also view the asset in your site, even if it is not Live.
  • Administration Permission: if a MySource Matrix user has Administration permission for a particular asset, they are also able to change the status, edit site settings, permissions, and the workflow and metadata schema for the asset in MySource Matrix.

A simple and intuitive user interface is provided to allow an administrator to grant read, write or administration access to an asset or group of assets, by a particular user or group of users. As for all changes to assets, an audit trail is kept of changes to permissions of assets.  

MySource Matrix employs User Groups to represent roles, and permissions can be granted to user groups. An example could be creating a User Group called “Department 1 Content Authors”. Rather than granting access to write to pages within the Department 1 site to individual users, access is granted to this group. When people leave or join the department, they are simply removed from or added to the User Group, and no changes are required to the permissions of the pages within the department site.

User Types

MySource Matrix has the following types of users, each of which has varying levels of access to the features of MySource Matrix in the Administration Interface:

  • Normal User: has no access to authoring any content
  • Backend User: may author content if their profile allows them to edit that content.
  • Administrator: may access the administration interfaces, including all content, and most system tools.
  • Root User: may access the administration interfaces, including all content, and all system tools.  There is only one “Root User” per system.

User Security

Decentralised author access is secured through:

  • User login and password (may operate through LDAP or Active Directory)
  • Enforceable use of Secure Sockets Layer (SSL) encryption
  • Optional IP range restriction
  • Optional visual key

Members Areas

MySource Matrix allows you to define areas of your site which require users to be authenticated before allowing them access.  These are areas where public read access has been denied.  MySource Matrix hides content in Members Areas from users that do not have appropriate levels of access, including removing references from menus and navigation systems.

Other Security Features

MySource Matrix includes the following additional security features:

  • Session management - when a user is authenticated, the system allocates a temporary session key that is tied to their IP address so that would-be hackers may not spoof their session.
  • Centralised updates - the centralised management structure ensures that client machines do not act as vulnerabilities to the system.
  • File type restriction - it is possible to restrict the file types that may be loaded to the CMS, and these files are loaded to a non-executable directory. That means if someone were to load malicious code to the server, it would not be executable on the server.
  • Executables restriction - the system keeps detailed audit trails and logs so administrators may analyse attempted security breaches.
  • Audit trails - the system keeps detailed audit trails and logs so administrators may analyse attempted security breaches.
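
The session management and audit trail items above, sketched as an added example (not MySource Matrix code): a session key is issued at login, bound to the client address, and revoked and logged when it is presented from a different address. The function names, the 30-minute lifetime and the sample addresses used with it are assumptions.

```python
import ipaddress
import secrets
import time

SESSION_TTL = 1800  # seconds; constructed value, not a Matrix default
_sessions = {}      # session key -> {"user", "ip", "expires"}
audit_log = []      # (timestamp, event, user, ip) tuples kept for later review


def _norm(ip):
    """Canonical form, so equivalent IPv6 spellings compare equal."""
    return str(ipaddress.ip_address(ip))


def issue_session(user, client_ip, now=None):
    """Allocate a random session key after login and bind it to the address."""
    now = time.time() if now is None else now
    key = secrets.token_urlsafe(32)
    _sessions[key] = {"user": user, "ip": _norm(client_ip),
                      "expires": now + SESSION_TTL}
    audit_log.append((now, "login", user, _norm(client_ip)))
    return key


def validate_session(key, client_ip, now=None):
    """Return 'ok', 'unknown', 'expired' or 'ip-mismatch' for one request."""
    now = time.time() if now is None else now
    ip = _norm(client_ip)
    record = _sessions.get(key)
    if record is None:
        audit_log.append((now, "unknown-key", None, ip))
        return "unknown"
    if now >= record["expires"]:
        del _sessions[key]
        audit_log.append((now, "expired", record["user"], ip))
        return "expired"
    if ip != record["ip"]:
        # A valid key replayed from another address: revoke it and record
        # who it belonged to and where the request came from.
        del _sessions[key]
        audit_log.append((now, "ip-mismatch", record["user"], ip))
        return "ip-mismatch"
    return "ok"
```

Binding to the address stops a key being replayed from elsewhere, but not from behind the same NAT or proxy, and a client whose address changes mid-session has to log in again.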

External Security/Privacy

At the MySource Matrix level, the access control mechanisms of the underlying operating system are utilised to ensure that only the webserver user has write access to the public data directory (which is needed for storing uploaded files and cached content) and write access is denied to the PHP source code.  The access control mechanisms of the database restrict access to the MySource Matrix and the HIPO Server processes. 
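
A check for the file-system layout described above, as an added example rather than Squiz code: it walks a source tree and a data directory and reports paths whose mode bits break the rule. The directory paths and the web server uid/gids are assumptions supplied by the caller, and only classic POSIX mode bits are evaluated (no ACLs).

```python
import os
import stat


def can_write(st, uid, gids):
    """POSIX mode-bit check: the owner class wins, then group, then other."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def walk_paths(top):
    """Yield (path, lstat) for top and everything below it, skipping symlinks."""
    for root, _dirs, files in os.walk(top):
        for path in [root] + [os.path.join(root, f) for f in files]:
            st = os.lstat(path)
            if not stat.S_ISLNK(st.st_mode):
                yield path, st


def audit_layout(source_root, data_root, web_uid, web_gids=frozenset()):
    """Return (finding, path) pairs where the layout breaks the stated rule."""
    findings = []
    # Rule 1: the web server account must not be able to modify the source code.
    for path, st in walk_paths(source_root):
        if can_write(st, web_uid, web_gids):
            findings.append(("source-writable", path))
    # Rule 2: the data directory is writable by the web server account only.
    for path, st in walk_paths(data_root):
        if stat.S_ISDIR(st.st_mode) and not can_write(st, web_uid, web_gids):
            findings.append(("data-not-writable", path))
        group_open = st.st_mode & stat.S_IWGRP and st.st_gid not in web_gids
        if group_open or st.st_mode & stat.S_IWOTH:
            findings.append(("data-open-to-others", path))
    return findings
```

An empty list means both rules hold for the mode bits; run it with the uid and group ids of the account Apache runs as.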

Additionally, it is important to ensure physical access to your webserver is restricted, and the user accounts are strictly controlled.  External access to your server hosting the CMS should also be protected through a perimeter firewall, a firewall on the CMS server itself, and through the configuration of Apache directives, and the use of SSL.  Finally, your server could be configured so that the Apache webserver is the only process listening to the network externally.

Secure Deployment on Internal and External Sites

MySource Matrix allows for the creation of secure websites with access-restricted content. It may be used for the creation of intranets, extranets and public websites with members-only areas. It should be noted that MySource Matrix has been security audited by Australia’s Defence Signals Directorate and has been passed for the secure deployment of Federal Government websites.