...
uPortal ensures security by following current best practices to guard against SQL injection and cross-site scripting attacks. User attributes and data from remote sources are not copied into the uPortal database, protecting the privacy of uPortal users and preventing the proliferation of sensitive data across campus databases.
Statistics and Auditing
uPortal includes a database-persistent event logger capable of tracking large amounts of information about portal usage. Activities that are supported out of the box include user sessions, portlet interactions, and portlet rendering times. uPortal can even be customized to allow additional logging events.
Portlet Development and Deployment
...