The Research Of GSP Medicine Management System's Security Based On SaaS

Software as a service is a software model which is rising. It will put the concept of service into traditional software models, firsty the customers use in free,then buy their required services, at last this way reduces cost. Because of its on-demand pay, convenient and low cost of maintenance and upgrades, etc., SaaS has become a hot topic in software.In traditional Chinese medicine retail industry, most of them are SMEs. Faced with this reality, this SaaS model will be used in medicine management system.SaaS provides software services over the Internet, customer data centrally stored on service provider. Therefore, in the promotion process, the security problem is the most difficult bottleneck. Facing the security challenge of SaaS software whether can protect users sensitive datas, this article attempts to identity authentication, access control policy, user data isolation, and encryption to study and explore.Firsty comparing SaaS model with traditional software model, this article introduces the advantages of SaaS software model and it has better fitness for traditional small and medium enterprises, and further clarify the practical significance and necessity about the SaaS model will be used in traditional medicine management software. Then explain the system's framework, platform and model structure. In system design, uses.NET platform and MVC. The use of a unified identity authentication, to send out a request from the user must be intercepted by authentication server, through LDAP server, access control server and authorization server detect and ultimately to get the token. More stringent authentication and access control, to ensure system security.In the user data isolation strategy, using data storage mode of shared databases, shared schema. It storages all users of data with a table, therefore have higher requirements of data isolation. This further put forward a thinking of a one-way point directory hierarchical approach and SQL view, separate from each other the original physically adjacent datas, so as to solve the security risk posed by the user data is stored in a table. Encrypting users sensitive data is another way to protect security, through the comparison of two kinds of cryptography, this article uses a hybrid cryptosystem:a key and a pair of public key and private key, which ensures the fast speed of encryption and decryption, also reduced risk of the data transmission on net. And then from a technical level, explain the detail of the encryption algorithm.Using SaaS model in medical management system is to meet the majority of small and medium Chinese enterprises' information needs to achieve the win-win situation of software developers and pharmaceutical retailers. Therefore, the safety studies of medical management software based on SaaS model, to provide security for the SaaS model to promote the software is of great significance.