Appendix B: Application security

    SuperOffice Pocket CRM provides full security for all traffic going between the client installed on the end user's phone and the server. All data traffic is encrypted using strong AES encryption (128-bit, end to end).

    Client side security

    The Pocket CRM client application is signed using various certificates from various vendors*. A signed client application gives the end user assurance that the application has not been altered in any way. It also provides a mechanism for giving trusted access to various features and APIs on the phone.

    If a mobile phone is lost, the user must change the password to avoid possible data theft. Pocket CRM uses local caching to speed up data access. This data is stored locally on the phone, but is not commonly accessible through the mobile phone's file memory / file system.

    *  Apple iOS Developer Certificate and Google Android Developer Certificate; for Java ME we use Thawte and VeriSign Java Developer Certificates.

    Server side security

    Pocket CRM needs to be installed so that the client on the mobile phone can access the server from the internet. A common way is to install the Pocket CRM server in a DMZ. The Pocket CRM server needs to access SuperOffice NetServer. It is recommended that SuperOffice NetServer is installed inside the local network, not in the DMZ. However, if for practical reasons you need to install Pocket CRM and NetServer on the same server, it is highly recommended that you lock down IP access to NetServer (Web Services).

    This can be done in Internet Information Services (IIS) Manager:

    • Right-click the NetServer installation under Web Sites and select Properties
    • Select the Directory Security tab and click Edit under IP address and domain name restrictions
    • Select Denied access and add the server that is allowed, i.e. the Pocket CRM server
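
On IIS 7 and later, the restriction set by the steps above is stored as an `ipSecurity` section, so it can be checked from the configuration file. The following audit is an added example, not SuperOffice code; the site path `Default Web Site/NetServer`, the address `192.0.2.10` and both configuration fragments are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed applicationHost.config fragments (IIS 7+ format); the site path
# and the address 192.0.2.10 are assumptions, not values from the product.
OPEN = """<configuration><location path="Default Web Site/NetServer">
  <system.webServer><security>
    <ipSecurity allowUnlisted="true" />
  </security></system.webServer>
</location></configuration>"""

LOCKED = """<configuration><location path="Default Web Site/NetServer">
  <system.webServer><security>
    <ipSecurity allowUnlisted="false">
      <add ipAddress="192.0.2.10" allowed="true" />
    </ipSecurity>
  </security></system.webServer>
</location></configuration>"""

def audit_ip_restrictions(config_xml, location, expected):
    """Return findings; an empty list means only `expected` addresses get in."""
    root = ET.fromstring(config_xml)
    loc = next((l for l in root.iter("location") if l.get("path") == location), None)
    sec = next(loc.iter("ipSecurity"), None) if loc is not None else None
    if sec is None:
        return ["no ipSecurity section for %s: no IP restriction is set here" % location]
    findings = []
    # IIS defaults: allowUnlisted="true", allowed="false", mask 255.255.255.255.
    if sec.get("allowUnlisted", "true").lower() != "false":
        findings.append("allowUnlisted is not false: unlisted clients are admitted")
    allowed = set()
    for entry in sec.findall("add"):
        if entry.get("allowed", "false").lower() != "true":
            continue  # deny entries do not widen access
        mask = entry.get("subnetMask", "255.255.255.255")
        if mask != "255.255.255.255":
            findings.append("%s/%s admits a whole subnet" % (entry.get("ipAddress", ""), mask))
        allowed.add(entry.get("ipAddress", ""))
    findings += ["unexpected allow entry: %s" % ip for ip in sorted(allowed - set(expected))]
    findings += ["expected address not allowed: %s" % ip for ip in sorted(set(expected) - allowed)]
    return findings

if __name__ == "__main__":
    for name, xml in (("OPEN", OPEN), ("LOCKED", LOCKED)):
        print(name, audit_ip_restrictions(xml, "Default Web Site/NetServer", ["192.0.2.10"]))
```

An empty result for the NetServer location means every client is denied except the address expected for the Pocket CRM server.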