“My clients are consistently blown away by their ability to control mission-critical content, without having to worry about breaking design or presentation rules.”

— Brent W., developer partner

Internet security may be your most significant business risk.

Internet security is an evolving effort to "lock the doors" on networks by hardening such components as authentication, information transmission and data storage.

Security is a paramount design criterion for Dialogs. From the initial architecture to the most recent feature updates, Dialogs has been constructed to limit the potential threat of outside attacks and to protect both the data and the environment where it is installed. Dialogs developers adhere to the security principles of the Open Web Application Security Project (OWASP) and require our certified developer partners to do the same. (OWASP: http://www.owasp.org/index.php/Top_10 )

The default installation of Dialogs requires that all authenticated access be conducted over a secure web connection (SSL). Kaleidoscope recommends that this measure not be circumvented. Additionally, Kaleidoscope recommends hosting Dialogs only in a secure hosting environment and conducting periodic security scans against the installation to rapidly and proactively identify any potential vulnerability.

Dialogs user passwords are never kept unencrypted in the database. Rather, in keeping with industry standard practices, a "salted" MD5 hash is kept and compared at login. The "salt" is added to the password before the MD5 is calculated, to defeat any attempt at using Rainbow Tables to reverse the MD5 hash.
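The salted-hash scheme described above, as an added illustration that is not Dialogs' own code: each user gets a fresh random salt, the database stores only "salt$hash", and login recomputes the hash from the stored salt and compares it in constant time. The `salt || password` layout and the `NewRecord`/`Verify` names are assumptions, since the page does not state the exact format. MD5 is used here because that is what the page describes; a practitioner building this today would swap `saltedMD5` for a deliberately slow password hash (bcrypt, scrypt or Argon2) while keeping the same per-user-salt and constant-time-compare structure.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// saltedMD5 returns hex(MD5(salt || password)). Assumed layout: the page says
// the salt is added before hashing but not where.
func saltedMD5(salt []byte, password string) string {
	h := md5.New()
	h.Write(salt)
	h.Write([]byte(password))
	return hex.EncodeToString(h.Sum(nil))
}

// NewRecord builds the value kept in the database: "<hex salt>$<hex hash>".
// A fresh 16-byte random salt per user means two users with the same
// password get different records, which is what defeats a precomputed table.
func NewRecord(password string) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	return hex.EncodeToString(salt) + "$" + saltedMD5(salt, password), nil
}

// Verify is the login-time check: split the stored record, recompute the
// hash with the stored salt, and compare without leaking timing information.
// Malformed records never verify.
func Verify(record, password string) bool {
	parts := strings.SplitN(record, "$", 2)
	if len(parts) != 2 {
		return false
	}
	salt, err := hex.DecodeString(parts[0])
	if err != nil {
		return false
	}
	got := saltedMD5(salt, password)
	return subtle.ConstantTimeCompare([]byte(got), []byte(parts[1])) == 1
}

func main() {
	rec, err := NewRecord("correct horse battery")
	if err != nil {
		panic(err)
	}
	fmt.Println("stored:", rec)
	fmt.Println("right password:", Verify(rec, "correct horse battery"))
	fmt.Println("wrong password:", Verify(rec, "Correct Horse Battery"))
}
```

Note that the salt is stored in the clear next to the hash; it does not need to be secret, it only needs to be unique per user so that an attacker cannot amortize one table across every account.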

For installations where sensitive data must be encrypted, Dialogs can employ a combination of RSA public-key encryption and AES symmetric-key encryption, allowing Dialogs to secure the data without keeping the decryption key in a usable form on the server. This means that even if the server hard drive is stolen, the data is still secure.
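The RSA-plus-AES arrangement described above is a standard hybrid ("envelope") scheme. The following is an added example, not Dialogs' own code, showing why the server can encrypt but not decrypt: each record is encrypted with a fresh random AES-256-GCM key, that data key is wrapped with the RSA public key (OAEP), and the envelope stored at rest contains only the ciphertext and the wrapped key. Only the public key ever lives on the server; the private key stays elsewhere (an HSM, an operator workstation) and is required to open anything. The `Envelope`, `Seal` and `Open` names and the field layout are assumptions for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what the server keeps at rest. Hypothetical layout: the AES
// ciphertext (with its GCM auth tag) plus the data key wrapped under RSA.
// Nothing in it can be decrypted without the RSA private key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(dataKey), decryptable only with the private key
	Nonce      []byte // GCM nonce, unique per envelope
	Ciphertext []byte // AES-256-GCM output, auth tag appended
}

// Seal runs on the server with only the public key available.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dataKey := make([]byte, 32) // AES-256 key, fresh for every record
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	// Wrap the data key so that only the private-key holder can recover it.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	// The raw data key must not linger on the server; drop it now.
	for i := range dataKey {
		dataKey[i] = 0
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open runs wherever the private key is held. Any tampering with the
// envelope, or use of the wrong key, yields an error rather than plaintext.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap data key with this private key")
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext failed authentication")
	}
	return pt, nil
}

func main() {
	// Key generation would happen off the server; only priv.PublicKey is deployed.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	env, err := Seal(&priv.PublicKey, []byte("constructed sample: patient record 42"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored on server: %d-byte wrapped key, %d-byte ciphertext\n",
		len(env.WrappedKey), len(env.Ciphertext))
	pt, err := Open(priv, env)
	fmt.Printf("opened with private key: %q (err=%v)\n", pt, err)
}
```

The practical consequence for a stolen disk is visible in the structure: the attacker holds the envelope and the public key, and neither yields the data key. The operational cost is that the private key, and its backup, become the single thing to protect and to keep available for legitimate reads.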

Compliance: PCI-DSS, HIPAA, etc.

SSL communications from the browser to a Dialogs website provide transmission security. Dialogs encryption technologies secure data stored on the server. Together, these techniques enable Certified Dialogs Developers to build solutions that are compliant with a growing number of regulatory requirements.

eCommerce solutions, obviously, should employ strict security measures. In 2006, Visa, MasterCard, American Express, Discover, and JCB formed an independent body, the Payment Card Industry (PCI) Security Standards Council, which manages the PCI Data Security Standard (DSS), a framework to protect cardholder data. PCI DSS defines 12 measures to safeguard cardholder data. (PCI DSS: https://www.pcisecuritystandards.org/) A staggering number of eCommerce websites either implement the PCI-DSS standards poorly or disregard them entirely. Dialogs development strategies can deliver true PCI-DSS compliance with minimal financial and legal risk to the site owner.

Websites interacting with personal health data require security, too. The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996 and includes provisions for data security to protect the privacy of individuals. The Health Information Technology for Economic and Clinical Health Act (HITECH Act) extends HIPAA's data privacy and security requirements to the "business associates" of covered entities, such as accounting firms, billing agencies, law firms or others that provide services to the entities covered under HIPAA.

Note: When Dialogs is deployed in regulated industries (HIPAA, SarbOx, PCI-DSS, etc.), it is the responsibility of the end-user's regulatory administrator to review the data management methodologies, technologies and procedures and to identify any areas that he/she deems must be addressed to satisfy his/her requirements.