Blame

970c5c Anonymous 2026-06-20 21:50:43
Add AeThex documentation page
1
# Security
2
f6d166 Anonymous 2026-06-23 03:31:09
3
Security documents how AeThex protects identity, data, projects, organizations, APIs, and operational systems.
970c5c Anonymous 2026-06-20 21:50:43
Add AeThex documentation page
4
f6d166 Anonymous 2026-06-23 03:31:09
5
<div class="docs-section-heading">
6
<h2>Security posture</h2>
7
<p>Security is a platform-wide responsibility, not a single feature.</p>
8
</div>
970c5c Anonymous 2026-06-20 21:50:43
Add AeThex documentation page
9
f6d166 Anonymous 2026-06-23 03:31:09
10
Security spans [[Passport]], [[Authentication]], [[Permissions]], [[Security-Model]], infrastructure, API behavior, secret handling, audit logs, and user education.
11
12
## Security priorities
13
14
- Protect identity and session flows.
15
- Keep secrets out of client code and public repos.
16
- Enforce least-privilege permissions.
17
- Audit sensitive actions.
18
- Harden API and webhook integrations.
19
- Document incident response and disclosure expectations.
20
21
## Practical checklist
22
23
1. Use Passport for identity flows.
24
2. Validate tokens server-side.
25
3. Check authorization after authentication.
26
4. Rotate compromised credentials.
27
5. Log admin and security-sensitive actions.
28
6. Review access regularly.
29
30
<div class="docs-grid">
31
<a class="docs-card" href="/Security-Model">Security Model</a>
32
<a class="docs-card" href="/Authentication">Authentication</a>
33
<a class="docs-card" href="/Permissions">Permissions</a>
34
<a class="docs-card" href="/Policies">Policies</a>
35
</div>
36
37
> [!WARNING]
38
> Never paste production secrets, tokens, private keys, or credentials into public docs, tickets, chats, screenshots, or issue trackers.