Security policy

Various level of security

JWT and signed token (Token lifetime can be setup in configuration file, but suggested to be short);
POSTing your Datapoints timeseries allows signed payloads (with a shared secret) to check and verify sender;
POSTing your Datapoints timeseries allows encrypted payloads (aes-256-cbc only yet; with a shared secret, no public key yet);
POSTing your Datapoints timeseries allows both signed + encrypted payloads;
Optionally, signature and/or encryption can be required from a Flow;
Using aes-256-cbc Preprocessor will allows to store encrypted data in timeseries; but prevent you from Exploratory Data Analysis as t6 wouldn't be able to read your data :-)
Rule based events can send data to Mqtt using encryption;
User passwords are bcrypt-hashed in database; at least not in clear;
User passwords recovery process is secured, but still can be improved when the User set it's own password and Post data;
t6 is using multiple private certificates to run DKIM on email sending, Firebase FCM certificate;

Authentification process

Authentification process is not allowing wrong password and is sending an email to registered users when 4 invalid credentials are used within a 1 hour window.
Please note that during authentication process, the user IP address (v4 and/or v6) can be logged on the user account for sattistic purpose.
Authentication in t6 is available in 3 modes:
- a matching username+passwords for credentials;
- a valid Key+Secret temporary and revokable token;
- or a refresh token process. All of these modes generates a signed JWT from the server and can be used fo a limited time.

Session duration

Sessions on t6 is using JWT short life Bearer tokens. Session last 5 minutes before token expires itself. Additionally, during authentication process a refreshToken is provided by t6 (this token last 24hours) giving the ability to refresh the token.

Data hosting

t6 on Saas is hosting data in Europe. And 2 alternatives are available to bypass this behaviour :

POSTing your Datapoints using save: false in the payload AND customizing the InfluxData Cloud Storage so that you can have a different data location external to t6
Installing your own t6 wherever you wants using this Github repository

t6 Technical Api Documentation. Please refers to CONTRIBUTING.md in case you would like to help :-)

Index of t6 wiki

Installing t6
Internal errors
Repository structure
Six main Resources
Other Resources
- Datapoints
- Users
- UIs 💥 not detailed
- Mqtt Topic 💥 not detailed
Referentials
- Data-Types
- Units
Technical Api Documentation 🔗
TWA Application Screenshots
t6 Security policy
Advanced t6 concepts

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Security policy

Various level of security

Authentification process

Session duration

Data hosting

t6 Technical Api Documentation. Please refers to CONTRIBUTING.md in case you would like to help :-)

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally