Security by design

We take care of security so you don’t have to. The Servoy architecture encompasses the most stringent security measures. Servoy lets you control access at both the data and user interface levels. Our architecture boasts:

Multiple Application Layer Security Levels

Servoy offers security at both the data and user interface levels. Servoy uses a “user and group system,” which means that all configurations set at group level also apply to users within that group. You can specify access and privileges for each database, table or column, as well as user interface elements for each. You can also specify a tracking option on a table-by-table basis to create an automatic audit trail for each table and for each individual group.

Scriptable Security

Servoy’s security setup interface is easy to use and allows you to script the creation and removal of users and groups, reset passwords, and more. Scriptable security enables you to develop your own custom security settings and configurations while maintaining the simple power and flexibility of the Servoy built-in security.

Automatic Audit Trail

You can turn on an audit trail by checking a box. All changes to the data become logged into a separate log table (connected users, changes/deletes/inserts of data with detailed information on the user, time, old value, new value, table and server information). Every insert, change and delete is time-stamped. Old and new values are stored in a database along with the table name, primary key and more.


Servoy uses SSL with 128-bit encryption for all communications between the client and the server to ensure that data is secure as it travels across the network. You can use your own existing SSL certificate or one purchased from trusted vendors such as Verisign or Thawte.

Solution Protection

You may want to block access to your code’s proprietary algorithms or other forms of intellectual property. Servoy provides solution protection that disables all alterations unless a password is entered.

No Source Code on the Client

Unlike many other applications that use JavaScript for their scripting environment, Servoy’s JavaScript is never sent to the client in human-readable form. Instead, the Servoy Application Server encrypts binary objects to ensure that the security rules you have defined at development time cannot be circumvented on the client side.