Security & Access Control
Security in NFCRM is designed with a multi-layered approach to ensure data protection, controlled access, and compliance with modern security standards.
As a centralized system handling sensitive customer, deal, and revenue data, NFCRM implements robust authentication, authorization, and data protection mechanisms to prevent unauthorized access and security threats.
🔐 Role-Based Access Control (RBAC)
- Super Admin: Full system control including user management, configuration, and data access.
- Manager: Access to team-level data, performance tracking, and lead/deal management.
- Sales Representative: Access limited to assigned leads, deals, and activities.
- Affiliate / Partner: Access to referral data, commissions, and limited deal visibility.
🛡️ Authentication & Data Protection
- Firebase OTP Auth (2FA): Adds an additional verification layer to ensure only verified users can access the system.
- Bcrypt Password Hashing: Stores passwords as one-way bcrypt hashes, never in plain text.
- Secure Session Management: Prevents session hijacking and unauthorized reuse of active sessions.
🚫 Threat Protection Mechanisms
- CSRF Protection: Prevents unauthorized form submissions and cross-site request forgery attacks.
- SQL Injection Prevention: Uses PDO prepared statements to protect against malicious database queries.
- XSS Filtering: Sanitizes user input to prevent script injection attacks.