This page is maintained for older versions of Spira only. The latest documentation can be found at: https://spiradoc.inflectra.com

SpiraTest Administration Guide Help Viewer

1. Introduction
2. Installing SpiraTeam®
3. System Administration
4. Appendices
Search:
1. Introduction
2. Installing SpiraTeam®
3. System Administration
4. Appendices

2.3. Security Considerations

The Microsoft Internet Information Services (IIS) web-server and SQL Server database are powerful tools to managing web-based applications. However it is important to make sure that they are correctly secured to prevent unauthorized access to applications being hosted on them. This is a fast changing field and beyond the scope of this guide to address, however we recommend reading the following article for details on how to secure IIS:

In addition to the steps outlined in this article, it is important to note that by default, all web pages served by IIS using the HTTP protocol are unencrypted, and as such, the usernames and passwords used by SpiraTeam® to log into the application can be read by network sniffing tools. If you are using SpiraTeam® purely within an intranet environment, this may not be an issue. However if you are externally hosting SpiraTeam® onto a publicly accessible website, we recommend installing a Secure Sockets Layer (SSL) encryption certificate, and restricting all web-traffic to the secure HTTPS protocol instead.