Blame
|
1 | # Security |
||||||
| 2 | ||||||||
|
3 | Security protects AeThex users, integrations, communities, and infrastructure. |
||||||
|
4 | |||||||
|
5 | --- |
||||||
|
6 | |||||||
|
7 | ## Core Principles |
||||||
| 8 | ||||||||
| 9 | - Least privilege |
|||||||
| 10 | - Scoped access |
|||||||
| 11 | - Server-side verification |
|||||||
| 12 | - Secret rotation |
|||||||
| 13 | - Auditability |
|||||||
| 14 | - User control |
|||||||
| 15 | - Safe defaults |
|||||||
| 16 | ||||||||
| 17 | --- |
|||||||
| 18 | ||||||||
| 19 | ## Developer Rules |
|||||||
| 20 | ||||||||
| 21 | - Keep API keys out of clients. |
|||||||
| 22 | - Validate webhooks. |
|||||||
| 23 | - Use HTTPS. |
|||||||
| 24 | - Store minimal user data. |
|||||||
| 25 | - Log security events. |
|||||||
| 26 | - Rotate secrets after exposure. |
|||||||
| 27 | ||||||||
| 28 | --- |
|||||||
| 29 | ||||||||
| 30 | ## Reporting Security Issues |
|||||||
| 31 | ||||||||
| 32 | Use the support/security channel through [[Support]]. Include enough detail to reproduce the issue safely. |
|||||||