security

Author: harshilp24

website/docs/product/security.md

@@ -0,0 +1,86 @@
+---
+description: Learn about Appsmith's security features and how to protect your data on the Appsmith platform.
+---
+
+# Security
+
+This page explains the security features and considerations that Appsmith has implemented to make your apps as safe as possible.
+
+## Data security
+
+Appsmith applications are secure-by-default, with a number of strategies in place to protect your data.
+
+- **Encryption**: Appsmith ensures that all sensitive information, such as database credentials and Git SSH keys, are protected using AES-256 encryption. This robust encryption standard safeguards your credentials, making them unreadable to unauthorized users.
+
+- **Data-at-Rest**: For self-hosted instances of Appsmith, security is enhanced through a unique configuration of salt and password values, mitigating the risk of data breaches when data is at rest.
+
+- **SSL Certification**: Self-hosted instances have the option to set up SSL certificates during the installation process using Let's Encrypt, or admins can choose to upload their own SSL certificates to establish a secure connection.
+
+- **Secure Connections**: Appsmith Cloud establishes connections with databases and API endpoints exclusively through whitelisted IP addresses `18.223.74.85` and `3.131.104.27`. All traffic to and from Appsmith Cloud is secured using TLS encryption.
+
+- **Domain Whitelisting**: For self-hosted Appsmith users, it’s necessary to whitelist the domain `cs.appsmith.com`. IP-based whitelisting is not allowed for this domain because it relies on dynamic IPs for scaling and load balancing. 
+
+- **Compliant Hosting**: The cloud version of Appsmith is hosted on AWS data centers that adhere to SOC 1 and SOC 2 compliance standards. These servers provide a secure environment, and their integrity is bolstered by systematic backups to prevent data loss.
+
+- **Access Control**: Internal access to Appsmith Cloud is strictly regulated. A two-factor authentication (2FA) system is in place, along with detailed audit logs to monitor and control access, providing an additional layer of security.
+
+## Appsmith AI
+
+Appsmith AI uses OpenAI’s APIs to provide chat completions and embeddings. Below is an overview of the data Appsmith processes and stores:
+
+1. **Chat completion data:** All interactions through Appsmith’s AI features are processed in real-time via OpenAI's APIs. All response data from OpenAI APIs is transient and **not** stored, logged or retained by Appsmith.
+    
+2. **File upload data:** When you upload files, Appsmith generates embeddings (vector representations of your data) using OpenAI’s embedding API. These embeddings are stored securely in a PostgreSQL database. The original files and content are not stored after processing.
+
+## Query security
+
+- **No Data Logging**: The backend system of Appsmith is designed to act solely as a proxy, without logging or storing any data retrieved from databases or API endpoints. This includes response data and user input, thereby preventing unauthorized data access or leakage.
+
+- **Secure Storage of Queries**: Query configurations and bodies are securely stored within the platform. When an application is in View mode, this information is not disclosed to users, ensuring that sensitive data within the queries remains confidential.
+
+- **Credential Handling**: When executing a query, the Appsmith server securely appends sensitive credentials just prior to forwarding the request to your backend service. This process ensures that sensitive credentials are not exposed to the client's browser.
+
+- **Secrets Management**: API secrets and datasource configurations containing sensitive information are securely handled. While in View mode, these secrets remain concealed, and although you can update secrets in Edit mode, it is not possible to view the current value of existing secrets, maintaining their confidentiality irrespective of the mode.
+
+- **SQL Injection Protection**: To safeguard against SQL injection attacks, all SQL queries on the Appsmith platform have prepared statements enabled by default. This feature helps prevent unauthorized commands from being executed via user input.
+
+## JavaScript security
+
+Appsmith takes measures to ensure JavaScript security within the platform, but it is important to understand the context in which JavaScript code is executed and accessed.
+
+- **Client-Side Execution**: JavaScript code within an Appsmith app executes on the client's side. This implies that users can use browser tools to inspect and potentially view your JavaScript code. Code visibility is an inherent trait of client-side JavaScript, underscoring the need for caution when dealing with sensitive information.
+
+- **Handling Sensitive Data**: It is critical to avoid embedding sensitive keys or credentials within your JavaScript code in plain text. Best practices for securing client-side code should be implemented.
+
+- **Local Storage Caution**: Utilizing Appsmith's `storeValue()` function to store sensitive information is discouraged. Data stored using this function resides in the browser's local storage and can be inspected by users, posing a security risk.
+
+- **DOM API Exposure**: Direct access to JavaScript DOM APIs is not provided by Appsmith to minimize security risks. However, certain featuressuch as `setInterval()`and `clearInterval()` are offered through similar, global framework functions.
+
+- **Fetch API Specifics**: Although the JavaScript `Fetch` API is supported on Appsmith, it is configured to exclude cookies or session data in requests, further aligning with security protocols.
+
+## Sandboxed Iframe widgets
+
+With the update to version 1.8.6 and beyond, Appsmith has enhanced the security of Iframe widgets through the use of the `sandbox` attribute.
+
+- **XSS Mitigation**: The `sandbox` attribute is enabled by default on Iframe widgets to mitigate the risk of [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting) attacks. While this may limit certain capabilities, it generally does not interfere with the anticipated functionalities of the Iframe widget in typical use cases.
+
+- **Sandboxing Control**: Administration of the `sandbox` attribute is possible through the `APPSMITH_DISABLE_IFRAME_WIDGET_SANDBOX` environment variable within the `stacks/configuration/docker.env` file of the Appsmith instance. Setting this variable to `true` removes the sandboxing attributes, and hence, should be done judiciously, acknowledging the potential implications for security.
+
+```sh
+APPSMITH_DISABLE_IFRAME_WIDGET_SANDBOX=false
+```
+
+## Login rate limiting
+
+Rate limiting on password-based login attempts is implemented with the following traits:
+
+- Five consecutive failed login attempts will lock the account of that email address for 24 hours.
+- A successful forgot-password flow for that email, will immediately unlock the account for login.
+
+This method allows for a good balance between security, and convenience. Having the lock makes brute-force a lot less feasible, and yet the original owner of the email still has a way to unlock their account when needed.
+
+These security implementations demonstrate Appsmith's commitment to maintaining a secure environment for developers and users alike. By following the guidelines provided, you can contribute to creating secure applications on the Appsmith platform.
+
+:::info
+Appsmith maintains an open communication channel with security researchers to report security vulnerabilities responsibly. If you notice a security vulnerability, please email `security@appsmith.com`.
+:::

website/docs/product/support.md

@@ -0,0 +1,30 @@
+---
+description: >-
+  This page provides information on how users can reach Appsmith support.
+---
+
+# Support at Appsmith
+
+When users need help with Appsmith, prompt access to support is crucial. This page provides an overview of the available channels through which you can reach Appsmith support.
+
+## Discord
+
+The Discord community serves as a valuable resource for users seeking help and community engagement. While it may not always be the primary channel for paid support, the support team is available to assist users in Discord. Here's how you can contact support through the Discord server:
+
+1. Join Appsmith on [Discord Server](https://discord.com/invite/rBTTVJp).
+2. Navigate to the [Support channel](https://discord.com/channels/725602949748752515/1006426744129069096) to raise queries.
+
+## Intercom
+
+If you need immediate help while using Appsmith, you can access support directly through the Intercom chat feature:
+
+- Click the **Help** button within Appsmith.
+- Select **Chat with Us** to start a conversation with the support team.
+
+## Priority support
+
+Priority Support ensures expedited assistance for paid plan customers. Here's how you can access priority support:
+
+- **Email**: You can reach the support team directly via email at [support@appsmith.com](mailto:support@appsmith.com).
+
+- **Account Manager**: Enterprise plan customers have the option to contact their dedicated Account Manager for personalized assistance.

website/docs/product/telemetry.md

@@ -0,0 +1,210 @@
+---
+description: This page provides information on the data collected by Appsmith.
+---
+
+# Telemetry
+
+Telemetry in Appsmith refers to the collection of data about how users interact with the platform. This data helps the Appsmith team identify usage patterns, troubleshoot issues, and make informed decisions about new features and improvements.
+
+## Data collected by Appsmith
+
+Appsmith is a lightweight proxy and **does not capture** any data returned by your APIs, databases, or third-party tools. All data captured from a self-hosted instance is completely anonymised for user information.
+
+### Keep-alive ping
+
+The Appsmith server sends a keep-alive ping every 2 hours to indicate that it's still running without any errors. This data is collected irrespective of whether telemetry is turned on or off.
+
+```javascript title="sample keep-alive ping"
+{
+    "event": "FETCH_RELEASE_NOTES",
+    "properties": {
+        "time": 1704784217.602,
+        "distinct_id": "609ce8fb4092701c69df9846",
+        "$identified_id": "609ce8fb4092701c69df9846",
+        "$import": true,
+        "$insert_id": "75ddda7c-ba47-41e0-9578-7d3afaf05284",
+        "$lib_version": "3.3.1",
+        "$mp_api_endpoint": "api.mixpanel.com",
+        "$mp_api_timestamp_ms": 1704784233604,
+        "$source": "segment",
+        "$user_id": "609ce8fb4092701c69df9846",
+        "edition": "CE",
+        "id": "609ce8fb4092701c69df9846",
+        "instanceId": "609ce8fb4092701c69df9846",
+        "mp_lib": "Segment Actions: analytics-java",
+        "mp_processing_time_ms": 1704784233665,
+        "originService": "cloud-services",
+        "segment_source_name": "cloud-services",
+        "type": "fetch-release-notes",
+        "version": "v1.9.15"
+    }
+}
+```
+
+### Server setup ping
+Appsmith server sends a ping first time a new instance is created. This data is collected irrespective of whether telemetry is turned on or off.
+
+```javascript title="sample server-setup ping"
+{
+    "event": "Installation Setup Complete",
+    "properties": {
+        "time": 1704784091.249,
+        "distinct_id": "659cf0bd504813315c336bf7",
+        "$browser": "",
+        "$city": "Mysore",
+        "$identified_id": "659cf0bd504813315c336bf7",
+        "$import": true,
+        "$insert_id": "d684e7ed-1211-4518-a19c-8f22925526e0",
+        "$lib_version": "3.3.1",
+        "$mp_api_endpoint": "api.mixpanel.com",
+        "$mp_api_timestamp_ms": 1704784101374,
+        "$region": "Karnataka",
+        "$source": "segment",
+        "$user_id": "659cf0bd504813315c336bf7",
+        "disable-telemetry": false,
+        "email": "",
+        "emailDomainHash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+        "goal": "just exploring",
+        "id": "659cf0bd504813315c336bf7",
+        "instanceId": "659cf0bd504813315c336bf7",
+        "ipAddress": "117.211.16.3", // IP address is of the server used to host the instance and not the client IP
+        "mp_country_code": "IN",
+        "mp_lib": "Segment Actions: analytics-java",
+        "mp_processing_time_ms": 1704784101771,
+        "name": "",
+        "originService": "appsmith-server",
+        "proficiency": "",
+        "role": "frontend engineer",
+        "segment_source_name": "ce",
+        "subscribe-marketing": false, // If user subscribes to marketing updates, we get the name and email address as well along with above information
+        "version": "v1.9.56"
+    }
+}
+
+```
+
+### Usage pulse for billing
+
+The Appsmith client triggers a usage pulse whenever a user performs an action on their Appsmith instance. The usage pulse primarily contains information such as the timestamp, a hashed `userId` to map the user, and the app mode in which the action was performed. The data is collected on the server-side and sent to the Appsmith cloud services in batches every hour. These pulses are then processed to present aggregate information to customers on customer portal. This data is collected only for paying customers, regardless of whether telemetry is on or off.
+
+```javascript title="sample usage-payload billing"
+{
+    "usageData": [{
+        "user": "f3273dd18d95bc19d51d3e6356e4a679e6f13824497272a270e7bb540b0abb9d",
+        "tenantId": "6fh76357fbe7e44f3a47a",
+        "viewMode": false, // To determine if action was done in edit mode or view mode of application
+        "isAnonymousUser": false, // To determine if pulse was triggered by logged-in user or an anonymous user
+        "createdAt": 188474747
+    }],
+    "message": "hash-message",
+    "hashedMessage": "c8ec6166d030765ff0f88ce40f4494bc6ef99f9d65dfbecd974c6359d1cac7ac",
+    "instanceId": "63ef757fbe7e44f3a47a"
+}
+
+``` 
+
+### Navigation and clicks
+
+The client captures anonymous behavioral data around navigation and clicks. This data is only collected when telemetry is turned on. 
+
+```javascript title="Sample event"
+{
+  "anonymousId": "0b62ab60-02ad-4f69-a181-d9c5eb2f97fa",
+  "context": {
+    "ip": "49.207.192.209",
+    "library": {
+      "name": "analytics.js",
+      "version": "4.0.4"
+    },
+    "locale": "en-US",
+    "page": {
+      "path": "/applications",
+      "referrer": "https://dev.appsmith.com/applications",
+      "search": "",
+      "title": "Editor | Appsmith",
+      "url": "https://dev.appsmith.com/applications"
+    },
+    "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36"
+  },
+  "event": "APPLICATIONS_PAGE_LOAD",
+  "integrations": {},
+  "messageId": "ajs-9176c8f5ebc607524746206ea6aa7502",
+  "originalTimestamp": "2020-11-04T10:52:14.616Z",
+  "properties": {},
+  "receivedAt": "2020-11-04T10:52:14.750Z",
+  "sentAt": "2020-11-04T10:52:14.618Z",
+  "timestamp": "2020-11-04T10:52:14.748Z",
+  "type": "track",
+  "userId": "a3d8b23b9b0cac986af79f4826d009463f8dfc372f188934710115491b7665a1"
+}
+```
+
+### Successful backend calls
+The server shares anonymous information about successful query processes, new application creation, user logins, connections to additional plugins, etc. This data is only collected when telemetry is turned on. 
+
+```javascript title="sample successful backend call"
+{
+    "context": {
+        "library": {
+            "name": "analytics-java",
+            "version": "2.1.1"
+        }
+    },
+    "event": "execute_ACTION_TRIGGERED",
+    "integrations": {},
+    "messageId": "0f6b07ee-0717-413-808c-c25b09c0468",
+    "originalTimestamp": "2021-08-24T07:23:35.610Z",
+    "properties": {
+        "appId": "612465f87b2230debedfc6",
+        "appMode": "edit",
+        "appName": "APP1",
+        "datasource": {
+            "name": "Test App"
+        },
+        "instanceId": "612460418944011a10fa5b",
+        "isExampleApp": false,
+        "isSuccessfulExecution": true,
+        "name": "Test",
+        "orgId": "612464f7f230debedfc4",
+        "originService": "appsmith-server",
+        "pageId": "612465802230debedfc8",
+        "pageName": "Page1",
+        "pluginName": "PostgreSQL",
+        "statusCode": "",
+        "timeElapsed": 8,
+        "type": "DB",
+        "username": "70280e5d07e61e5e915e5d26ac8704bbd68d3f75ebad67ba439f4c354d7"
+    },
+    "receivedAt": "2021-08-24T07:23:39.996Z",
+    "sentAt": "2021-08-24T07:23:39.885Z",
+    "timestamp": "2021-08-24T07:23:35.721Z",
+    "type": "track",
+    "userId": "70280e5dd9e61e5e91526ac8704bbd68d3f75ebad67ba439f4c354d7",
+}
+```
+
+## Disable telemetry
+
+Sharing telemetry is optional, and you can disable telemetry either from Admin Settings or by making changes to the environment variable.
+
+### Admin Settings
+
+Follow the steps below to turn off telemetry using Admin settings:
+
+1. Go to **Admin Settings**, select **General** from left navigation bar, and scroll to **Share anonymous usage data**.
+2. Click the **Save & Restart** button to restart the container for the changes to take effect.
+
+### Environment variable
+
+You may also choose to turn off telemetry setting using environment variable `APPSMITH_DISABLE_TELEMETRY`. For example, to turn off the setting for your docker installation, follow the steps below:
+
+1. Go to the _directory_ where the `docker.env` file is located.
+2. Open the file in an editor and search for `APPSMITH_DISABLE_TELEMETRY`
+3. Change the value of `APPSMITH_DISABLE_TELEMETRY` from `false` to `true` and save it
+4. Go to the location where the `docker-compose.yml` file is located **`(docker host directory)`**
+5. Restart the container using the command
+
+```bash
+sudo docker-compose rm -fsv appsmith && sudo docker-compose up -d
+```
+Once the container restarts, Appsmith is up and running, the telemetry is turned off. You can verify that the telemetry is turned off using **Admin Settings**, select **General**, and verify the toggle is off for **Share anonymous usage data** setting.

website/sidebars.js

@@ -169,7 +169,22 @@ const sidebars = {
         },
               ],
     },
-    
+    {
+      // Product Start
+      type: 'category',
+      collapsed: false,
+      label: 'Product',
+      items: [
+        'product/security',
+        'product/telemetry',
+        'product/support',
+        {
+          type: 'link',
+          label: 'Privacy Policy',
+          href: 'https://www.appsmith.com/privacy-policy',
+        },
+      ],
+    }, // Product End
 
   ],
 };