Security

Mandala does its very best to protect your data. It does this by:

Digital security

1. Only keeping “current” credit card activity in the database. Credit card information not tied to an upcoming booking is automatically erased. This means that if all security measures fail, the number of credit cards actually contained in the database is minimal and unlikely to make a very attractive target for hackers.

2. Requiring a password to enter the Mandala application. It is expected that each user changes their own password away from the default. This password is encrypted with the Advanced Encryption Standard (AES), using a different key from the one used for the credit cards.

3. Encrypting credit card information within the database using the Advanced Encryption Standard (AES) and a key unique to each site installation.

4. The database as it resides on the server is only accessible to someone who knows the PostgreSQL database user password – which should be unique to each site. This password is stored on the server as an MD5 hash by PostgreSQL.

5. The entire database is re-encrypted using the 448-bit Blowfish algorithm for each backup and before being uploaded to the internet. Blowfish keys are unique to each site. At the time of writing, there are no known effective (as in realistic) attacks on the 448-bit Blowfish algorithm.

6. Internet file permissions allow only the file “creator” to download the backup file.

7. The destination internet file server is located in a secure server storage facility (based in Melbourne) and is backed up daily.
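
Item 4 relies on the PostgreSQL user password being unique to each site and notes that PostgreSQL stores it as an MD5 hash. The Python sketch below is an added example, not part of Mandala's own code: it shows how that legacy format is built, and audits `pg_authid`-style rows for MD5 verifiers and for a password shared between installations. The site names, the role name `mandala`, the password and the SCRAM fields are constructed sample values.

```python
import hashlib
import re

MD5_RE = re.compile(r"^md5[0-9a-f]{32}$")
SCRAM_RE = re.compile(
    r"^SCRAM-SHA-256\$\d+:[A-Za-z0-9+/=]+\$[A-Za-z0-9+/=]+:[A-Za-z0-9+/=]+$")

def pg_md5_verifier(role, password):
    """Legacy PostgreSQL format: 'md5' + hex(md5(password + role name))."""
    return "md5" + hashlib.md5((password + role).encode("utf-8")).hexdigest()

def classify(verifier):
    """Name the storage format of one pg_authid.rolpassword value."""
    if verifier is None:
        return "no-password"
    if MD5_RE.match(verifier):
        return "md5"
    if SCRAM_RE.match(verifier):
        return "scram-sha-256"
    return "unknown"

def audit(sites):
    """sites maps site name -> [(role, verifier)]; findings are in site order."""
    findings, first_seen = [], {}
    for site in sorted(sites):
        for role, verifier in sites[site]:
            kind = classify(verifier)
            if kind == "scram-sha-256":
                continue  # random per-role salt: reuse is not visible, by design
            if kind != "md5":
                findings.append((site, role, kind))
                continue
            findings.append((site, role, "legacy md5 verifier"))
            # The only salt is the role name, so the same role and password
            # give the same verifier on every installation.
            key = (role, verifier)
            if key in first_seen:
                findings.append((site, role, "password shared with " + first_seen[key]))
            else:
                first_seen[key] = site
    return findings

# Constructed sample data: role name, passwords and SCRAM fields are made up.
SAMPLE_SITES = {
    "site-a": [("mandala", pg_md5_verifier("mandala", "Tr0ut-lake-41"))],
    "site-b": [("mandala", pg_md5_verifier("mandala", "Tr0ut-lake-41"))],
    "site-c": [("mandala", "SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy")],
}
```

Calling `audit(SAMPLE_SITES)` flags both MD5-format sites and reports that site-b shares its password with site-a; the SCRAM-SHA-256 row, PostgreSQL's newer salted format, produces no finding.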

In the digital world, this amounts to a very high level of protection. The protocols used are accepted by the US government as suitable for classified information. The plain truth, however, is that there is no such thing as 100% security in the digital age – but this is something your online banks will rarely tell you. Nonetheless, even in an imperfect world, the amount of computing power and time required to break through the multiple layers of strong encryption is (at the time of writing at least) mind-boggling and certainly greater than our current lifespans.

Local security

What Mandala cannot protect you from is lax security measures on the installation site itself. A classic example of poor security would be leaving the Mandala login password sticky-noted to the reception monitor and the reception door unlocked. Such instances constitute a far greater hazard than remote digital security issues.

Legal Credits

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/). This product includes cryptographic software written by Eric A. Young (eay@cryptsoft.com). This product includes software written by Tim J. Hudson (tjh@cryptsoft.com).