The TaskLoan is hosted at various OVH data centers across USA. TaskLoan has taken the initiative to manage the servers inhouse to ensure uptime and data replication by using a hardened Linux operating system and keeping up to date with the latest security best practices.
TaskLoan performs routine daily full backups of each client’s database and ensures that the backups are replicated via a secure channel between regions. TaskLoan keeps 7 days of full backups of each client.
TaskLoan databases are only accessible via the TaskLoan URL and TaskLoan ensures at there is no data sharing between client’s databases. Databases are also replicated over a secure connection using key pair authentication.
Direct database access can however be granted to clients who wish to mine their own data using a preferred BI tool.
TaskLoan passwords are hashed using industry standard techniques ensuring that not even TaskLoan employees have access to client passwords, however if you do forget your password, we do offer an easy to use password reset instruction. TaskLoan ensures that all your data is delivered to you via HTTPS.
Only a select few TaskLoan engineers have access to the server clusters and this is ensured using a secure key pair authentication method. No access is granted to our server cluster to any IP address other than our static IP address at our office.
TaskLoan as a framework is designed in such a way that it prevents all the most common types of attacks:
SQL injections are impossible since the ORM ensures that no piece of code can manually execute SQL statements
The framework's templating engine ensures that XSS attacks are impossible by using various techniques such as escaping all data that is rendered
RPC calls do not have access to private methods in the framework
The login page is rendered with a CSRF token which makes Cross Site Request Forgery impossible
All code evaluations are done in a sandboxed environment making RFI attacks impossible