Clientele is a secure client portal for your business.
Each client is given their own account that provides a Dashboard for them to monitor project status, upload/download documents and files related to their projects, and communicate with you.
Clientele makes it easier to take a phased approach to projects by organizing documents by customizable project phases.
Admin Login: admin/admin
Client Login: client/client
- Client Dashboard with quick access to everything related to their project
- Admin only area to manage client and project details
- Secure document management (Clients can’t see or access documents not associated with their account).
- Sophisticated authentication (login) system that prevents session hijacking, rainbow tables etc.
- Create multiple admins on the back end
- Option to enable client side uploads
- Email notifications for project related updates
Login and Authentication
- Authentication system prevents brute force attacks by using dynamic salts, with the option of also using a file system salt.
- One way password hash uses SHA1, which is significantly stronger than MD5
- Session hijacking prevented with session management at the db level, which verifies against user agent.
- Sessions expire after 30 mins of inactivity, forcing the user to login again. This is also managed in the db rather than relying on cookies.
- The upload folder is not directly accessible via the web, preventing unauthorized access to documents
- Document download requests are handled by the application, which first verifies that a user is authorized to download the document they are requesting.