| FIX&FLEX® runs on JBoss Application Server, which provides a robust enterprise platform. We have addressed security on two fronts: server security and application security. JBoss allows us to configure a multi-machine topology, which supports multiple layers of security. In addition, all connections between machines and from the user's browser are encrypted using 128-bit ciphers.
Application security is built on the J2EE security model and the security extensions provided by ACEGI, part of the Spring framework. ACEGI security provides comprehensive authentication and authorisation controls and is independent of the application server technology. The ACEGI security layer has been configured to handle both User Id / Password authentication and Single Sign On (SSO) authentication to FIX&FLEX®, while also allowing trust associations to be configured with other third-party security servers such as WebSEAL, SiteMinder or SAML.
FIX&FLEX® is independently tested to ensure the security of the service; more details are available upon request. FIX&FLEX® allows password policies to be defined, e.g. account locking (e.g. “three strikes and you're out”), password encryption, password history and minimum length. |