Security

If your business is to manage data with information systems, one big goal is to keep your data and your systems protected. This also applies to data about your zones, your name servers, your web servers and the database involved in zone file and name server management. It is therefore a primary concern of the ZoneMaster project to be as secure as possible.

For this reason the web-based user-interface is completely separated from the job execution on the name servers. The user-interface operates on data in a database. The connection is authenticated by a user name and password and might be encrypted to protect against network sniffing. The job execution, on the other side, uses the data in the database to make the required modifications. Both the user-interface and the job handler perform checks to protect the system. In particular, the CGI runs in 'strict mode' and 'taint checks' are enabled.

Currently the user-interface does not include user and access control management. It is therefore required to protect the user-interface with mechanisms provided by the web server. The Apache web server supports a mechanism known as 'htaccess files' that requires the web user to authenticate against the web server before getting access. This mechanism is used in the current release and is secure when used in conjunction with encrypted access through HTTPS.
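
The htaccess protection described above, shown as a weak setting next to a corrected one. This is an added example, not configuration shipped with ZoneMaster; the directory /var/www/zonemaster, the password file /etc/apache/zonemaster.htpasswd and the realm name are assumed placeholders.

```apache
# ---------------------------------------------------------------
# Server configuration (httpd.conf), assumed UI directory.
# Without AllowOverride AuthConfig the .htaccess file below is
# silently ignored and the user-interface is left unprotected.
# ---------------------------------------------------------------
<Directory "/var/www/zonemaster">
    AllowOverride AuthConfig
</Directory>

# ---------------------------------------------------------------
# WEAK .htaccess: authentication only.
# Basic authentication sends user name and password merely
# base64-encoded, so over plain HTTP they can be read by anyone
# sniffing the network.
# ---------------------------------------------------------------
# AuthType Basic
# AuthName "ZoneMaster"
# AuthUserFile /etc/apache/zonemaster.htpasswd
# Require valid-user

# ---------------------------------------------------------------
# CORRECTED .htaccess: authentication plus mandatory HTTPS.
# ---------------------------------------------------------------
# mod_ssl directive: refuse every request that did not arrive
# over an SSL/TLS connection, before credentials are evaluated.
SSLRequireSSL

AuthType Basic
AuthName "ZoneMaster"

# Keep the password file outside the document root so it can
# never be fetched through the web server itself.
AuthUserFile /etc/apache/zonemaster.htpasswd

# Any user listed in the password file may access the interface.
Require valid-user
```

To check the result, request the user-interface once over http:// and once over https://: the first must be refused outright, the second must prompt for credentials.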

In an upcoming release, support for other methods of authentication and authorization will be available. This might include authentication via an HTML form and persistence of authentication information (or an authentication hash) through the optional use of cookies.

Nevertheless, the security of your network and your operational systems strongly depends on your overall security strategy. This must include a firewall that protects your internal systems, like the database and the ZoneMaster user-interface, from unprivileged access. Please keep in mind that security is only as strong as its weakest link.


Changed 25.08.2002 -aw