CiviProxy - Security proxy for CiviCRM

Does your CiviCRM server contain confidential data on your organisation and your constituents? Couldn't this data be used against you, to scam your donors or simply undermine your constituents' trust in you? CiviCRM is not an unsafe system, but exposing the whole server with all its components to the internet opens up a lot of attack vectors, for targeted attacks and scripted mass-exploits alike.

CiviProxy aims at minimising this exposure.

How does it work?

The basic idea is to first put your CiviCRM server into a VPN. This makes the server virtually inaccessible from the internet, and your users or your whole office will access it via a secure connection.

But what about your public web pages, donation pages, and data exchange with other systems? This is where CiviProxy comes in: you get a small, secure, extra server and give it access to both the internet and your VPN. It acts as a safe gateway for the selected CiviCRM features that you would like to expose.

What can it do?

Currently CiviProxy can expose/relay the following CiviCRM functions:

  1. Serve resources for newsletters and mailings
  2. Cache those resources, taking load off your CiviCRM server
  3. Pass-through of tracking data on opening and click-through rates
  4. Sign-on and sign-off for your newsletter (webpage templates)
  5. Relay of whitelisted REST API calls for data exchange with other systems
  6. Perform input sanitisation and parameter whitelisting for the REST API calls

DISCLAIMER: This software has not (yet) been audited for security.
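
Items 5 and 6 of the list above describe a default-deny filter in front of the REST API. The following Python example is added here for illustration and is not CiviProxy's own code; the allowlist entries, type names and function names are hypothetical.

```python
import re

# Hypothetical allowlist: (entity, action) -> {parameter: type}.
# Any call or parameter that is not listed here is never relayed.
ALLOWED_CALLS = {
    ("Contact", "getsingle"): {"email": "email", "contact_id": "int"},
    ("GroupContact", "create"): {"contact_id": "int", "group_id": "int"},
}

def _clean_int(value):
    text = str(value).strip()
    if not re.fullmatch(r"[0-9]{1,10}", text):
        raise ValueError("not a positive integer")
    return int(text)

def _clean_email(value):
    text = str(value).strip()
    pattern = r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"
    if len(text) > 254 or not re.fullmatch(pattern, text):
        raise ValueError("not an e-mail address")
    return text

# One validator per declared type; each returns the cleaned value or raises.
CLEANERS = {"int": _clean_int, "email": _clean_email}

class Rejected(Exception):
    """The request must not be relayed to the CiviCRM server."""

def filter_request(params):
    """Return the sanitised call to relay, or raise Rejected (default deny)."""
    key = (params.get("entity"), params.get("action"))
    spec = ALLOWED_CALLS.get(key)
    if spec is None:
        raise Rejected("call not whitelisted: %s.%s" % key)
    clean = {"entity": key[0], "action": key[1]}
    for name, value in params.items():
        if name in ("entity", "action") or name not in spec:
            continue  # unlisted parameters are dropped, never forwarded
        try:
            clean[name] = CLEANERS[spec[name]](value)
        except ValueError as err:
            raise Rejected("bad value for %s: %s" % (name, err))
    return clean
```

Only the dictionary returned by `filter_request` would be forwarded into the VPN; the gateway's own credentials for the CiviCRM server are attached after filtering and are never taken from the incoming request.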

Further links:

GitHub Project