Technology Stock¶
1. Merci¶
Merci has been created as a tool to aid codeless software development.
2. Frameworks Used¶
- Languages: Python, PHP, JQuery, JS, CSS3
- Tools: Bootstrap, Tensorflow, Handsontable, Redis
- AI: Tensorflow
- Technology: RPA, PWA, GZip, File Caching
3. Database¶
- Oracle MySQL Enterprise
4. Architecture¶
- Cloud-Based (OCI)
- Client-Server Model
5. License Type¶
- Proprietary
6. Advantages¶
| # | Advantage Description |
|---|---|
| 1 | Highly Customizable – Solutions can be built entirely based on customer needs without restrictions. |
| 2 | Flexible Development – Developers can implement features freely, without the constraints of a rigid structure. |
| 3 | Faster Prototyping – With Merci as a framework, quick Proof of Concepts (POC) can be developed. |
| 4 | Lower Licensing Costs – No need to invest in proprietary frameworks or third-party dependencies. |
| 5 | Easy to Integrate – Can be integrated with third-party applications without worrying about framework compatibility. |
| 6 | Reduced Technical Debt – Avoids the need to constantly update or maintain a pre-built framework. |
| 7 | Innovative Solutions – Unique features and architectures can be developed without limitations. |
| 8 | Adaptability to Industry Needs – Can build sector-specific functionalities without constraints. |
| 9 | Scalable Architecture – Developers can choose scalable solutions instead of being limited by framework restrictions. |
| 10 | No Vendor Lock-in – Free from dependency on any external framework provider. |
| 11 | Easier Debugging – In-built routines available for granular-level debugging. |
| 12 | Optimized for Performance – Avoids unnecessary overheads, leading to potentially better performance. |
| 13 | Independent Updates – No need to wait for framework updates or worry about version conflicts. |
| 14 | Lower Learning Curve for New Developers – No need to learn a specific framework before working on the ERP. |
| 15 | Better Security Control – Standard security measures are in place, rather than relying on framework-provided ones. |
| 16 | Freedom to Use Any Technology Stack – Can choose the best-suited technology beyond framework constraints. |
| 17 | Extend UI/UX – The ERP system's user interface can be redesigned without adhering to framework limitations. |
| 18 | Efficient Resource Utilization – Development teams can focus only on required functionalities. |
| 19 | No Overhead Code – Only necessary components are built, eliminating unnecessary framework components. |
| 20 | Total Ownership of Code – The company retains complete control over the ERP system’s structure and logic. |
7. Security Features¶
| # | Security Measure |
|---|---|
| 1 | Secure Query Execution – Merci uses prepared statements and parameterized queries in PHP and Python. |
| 2 | Input Validation – Merci applies input validation before processing user input. |
| 3 | Web Application Firewall (WAF) – IPTables has been configured to filter SQL injection attempts. |
| 4 | Controlled Query Execution – Already implemented behind WAF, using single query execution function to filter and eliminate unwanted queryies / injections / threats. |
| 5 | Strong NGINX Policies – Enforced for added web server security. |
| 6 | Cross-Origin Access Denied – Prevents unauthorized access. |
| 7 | JSON-Based Tokens Over HTTPS – Ensuring secure authentication. |
| 8 | Firewall Rules (IPTables, UFW) – Implemented to restrict access. |
| 9 | Intrusion Detection & Prevention Systems (IDS/IPS) – Actively monitoring threats. |
| 10 | Least Privilege Principle – Disabling unnecessary services. |
| 11 | TLS Over SSL & HTTPS – Ensuring secure data transmission. |
| 12 | SSL/TLS Encryption for Database Connections – Strengthening security, and DB connections allowed only from Compute Instance in local network. |
| 13 | Remote Login Disabled in MySQL – Preventing unauthorized access. |
| 14 | Automated Encrypted Backups – Ensuring data integrity and security at separate geo-located servers. |
| 15 | Geo-Redundant Storage – Data redundancy for disaster recovery. |
| 16 | CSP Headers Implementation – Protecting against XSS attacks. |
| 17 | Disabling Inline JavaScript Execution – Preventing cross-site scripting attacks. |
| 18 | Rate Limiting at NGINX Web Server – Preventing DDoS attacks and abuse. |
| 19 | Black listing & Banning – Fail2Ban is in place, configured to Limit Rates & Black List offending origins / IP Addresses. |
This document outlines the Merci technology stack, its advantages, and the security features that ensure a robust and scalable ERP development experience.