@hdsuportSSL would be set up on your end so I'm not sure what you mean..?We have email and password authentication for both staff and users. The passwords, of course, are stored externally and encrypted. We have checks in place for file uploads to prevent xss injections. We have checks on incoming emails to prevent xss. We have a lot of things. We try to make osTicket as safe and secure as possible. If you're looking for something more specific please ask and we'll try to answer as best as we can.Cheers.