Security in VetView Labs
- Checkmarx Bot (Unlicensed)
- Cathy Allison
Security in VetView Labs
Screen by Screen Privileges and Features
In VetView, security is controlled through a long list of individual privileges that are attached to individual screens. A particular screen's privileges are completely independent of another screen's, even if the functionality is similar. Giving a user the "Add Charges" privilege on the Accounting Screen does not mean they can add charges on the Client Screen. This allows for maximum flexibility.
Privileges can be grouped into custom roles. Those roles can then be assigned to users. A user may be in multiple roles.
Security privileges can be assigned to Security Roles or individual users (via the Role Management or User Management screens).
Password Authentication
For a more technical look at VetView security, read the page in our technical docs about security. VetView supports LDAP, CAS, and other third part authentication systems. Users may also create local accounts for testing even if a third party authentication service is in use.
Local passwords are stored using a salted hash.
Firewall
VetView can be configured to work within the bounds of a firewall, requiring that users be on the local network or have access through a VPN. Contact your organization's IT services to ensure VetView is properly set up to work with your network.
API and Portal Authentication Tokens
VetView's portal uses a series of API commands to send information directly to the main application. The portal uses a unique generated key from the main app - all API commands must include this key in the header to be accepted. This prevents outside actors from attempting to use the API commands to access your system without authorization. VetView also supports custom API web apps, but they similarly must send and transmit any data using the unique token generated within the main VetView application in order for data to be changed.
VetView Wiki Most recent releases of VetView: Version 5.0.2 and 4.2.8 Hotfix (Released 12/20/2024)