Merged
29 changes: 29 additions & 0 deletions community/security-model.md
@@ -0,0 +1,29 @@
---
slug: /security-model
---

# Security Model

This document outlines the security model of Apache Answer. It aims to help users understand the security model and make informed decisions about deploying and managing Apache Answer securely.

## Admin Permission Security

**Admin users have full system permissions**, which includes access to potentially vulnerable operations. While we assume administrators won't attack their own websites, it's crucial to exercise caution when assigning admin privileges.

So, if a security issue comes up in the administrator page, this is usually not considered a problem. Because the administrator has the authority to do so. Unless a normal user can overstep his authority to operate outside of his capabilities.

## Captcha Security

CAPTCHA is an essential security measure to prevent automated attacks and abuse. Apache Answer will not be responsible for security issues arising from disabled CAPTCHA protection. For example, if the user disables the CAPTCHA, it may allow an attacker to crack the user's password by brute force.

![captcha](/img/community/captcha.png)

## Custom Plugin Security

Apache Answer only guarantees the security of official plugins distributed through our [official repository](https://github.com/apache/answer-plugins). We take no responsibility for security issues arising from third-party plugins.

:::caution

If you find a security bug, with that in mind, please do not file public issues. You can follow the instructions in the [security policy](https://github.com/apache/answer/security/policy) to report it privately. We will fix it as soon as possible.

:::
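Review bot: The second paragraph of "Admin Permission Security" leaves the reporting scope ambiguous. "This is usually not considered a problem" is followed by two sentence fragments ("Because the administrator has the authority to do so." and "Unless a normal user can overstep his authority..."), so a reporter cannot tell which findings are accepted. Suggest merging them into one sentence that says issues reachable only with admin privileges are usually not treated as vulnerabilities, while a normal user performing operations beyond their permissions is, and use "their authority" instead of "his". In the Captcha section, "the user disables the CAPTCHA" and "the user's password" refer to different people (the admin who changes the setting and the account being attacked); naming the administrator in the first case would remove the confusion. In the caution block, "with that in mind" is stranded mid-sentence; "If you find a security bug, please do not file a public issue" reads cleanly.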
4 changes: 4 additions & 0 deletions docusaurus.config.js
Expand Up @@ -139,6 +139,10 @@ const config = {
label: 'Security',
to: 'community/security',
},
{
label: 'SecurityModel',
to: 'community/security-model',
},
{
label: 'Contributing',
to: 'community/contributing',
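Review bot: The new entry's label 'SecurityModel' is missing a space. The neighbouring entries use plain display text ('Security', 'Contributing') and the page this links to is titled "Security Model", so `label: 'Security Model'` would match both.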
1 change: 1 addition & 0 deletions sidebarsCommunity.js
Expand Up @@ -3,6 +3,7 @@ module.exports = {
'support',
'team',
'security',
'security-model',
{
type: 'category',
label: 'Contributing',
Binary file added static/img/community/captcha.png