Administration Guide : Installing Xinet : Xinet Portal Communication Security

Xinet Portal Communication Security
Portal is a PHP template based web application that communicates through a REST API with a MySQL database on the backend production server.
Communication between the Portal web application and the production/database server can be set up to use a SSL encrypted connection (between the Portal server and the Database server as well as optionally from the Portal server to the outside world).
Unlike a normal proxy server that receives queries and sends those queries with no intelligence to another server, Portal also provides inexpensive filtering of your web traffic. It also provides session-based security, only passing the user name and password at first point of entry.
A proxy server, on the other hand, leaves the user name and password in the header of every packet it passes between the user and browser. Portal only accepts data that fits known rules; any other data will be dropped. A proxy server accepts anything-for example, it sends denial of service attacks to the production server.
Authentication takes place on the Database server internally. Portal supports Active Directory, Open Directly or LDAP authentication. SAML2.0 based Single-Sign-On is also available.
Portal is able to use any third-party virus-checking application to quarantine problematic files. This helps to ensure that these files will not be uploaded to the production/asset management server.
If you want to dedicate a Portal server to a development team, you can do so without having to add any additional licences. One Portal license allows an unlimited number of Portal servers to communicate with one Database/Production server.