I’ve used Xibo for years, but have had a few questions from the projects team at work as we look towards using Xibo for our company in our worldwide locations.
The questions I don’t have the answers for:
Is there any security embedded around data saved inside of Xibo CMS and Client?
When data is moved from the CMS (SSL protected) to the client, is this data encrypted in any way?
This is primarily as we move towards ISO 27001 and we work in secure locations worldwide.
The answer here is it really depends on what you configure.
The CMS doesn’t do any encryption of data at rest or in transit, but if you need those things, then you can configure the servers you run Xibo on to do those jobs.
So for example, you can configure Xibo to run from an encrypted storage device (on Linux that would be using cryptsetup), and then the media library and database are both encrypted at rest.
Communications with Players over the internet should always be protected with TLS, but it’s perfectly possible not to configure your server with that and so that data would not then be encrypted. Assuming you have HTTPS/TLS set up, and you configure your Players to connect over HTTPS, then all data going from the CMS to the Players and back is protected with that encryption.
So in short, if you’re self-hosting Xibo, it’s totally your call what protections you put in place for those things.
If you’re hosting on our Cloud service, then we can provide documentation that covers what we have in place in those areas if you open a ticket with the Helpdesk, but in summary your library data is encrypted at rest, SSL is provided and enforced by default, and all inter-server data transfers in our clusters are encrypted too.