-
-
Notifications
You must be signed in to change notification settings - Fork 8
Security policy
mathcoll edited this page Jul 4, 2021
·
19 revisions
- JWT and signed token (Token lifetime can be setup in configuration file, but suggested to be short);
- POSTing your Datapointss timeseries allows signed payloads (with a shared secret) to check and verify sender;
- POSTing your Datapointss timeseries allows encrypted payloads (aes-256-cbc only yet; with a shared secret, no public key yet);
- POSTing your Datapointss timeseries allows both signed + encrypted payloads;
- Optionally, signature and/or encryption can be required from a Flow;
- Using aes-256-cbc Preprocessor will allows to store encrypted data in timeseries; but prevent you from Exploratory Data Analysis as t6 wouldn't be able to read your data :-)
- Rule based events can send data to Mqtt using encryption;
- User passwords are bcrypt-hashed in database; at least not in clear;
- User passwords recovery process is secured, but still can be improved when the User set it's own password and Post data;
- t6 is using multiple private certificates to run DKIM on email sending, Firebase FCM certificate;
t6 on Saas is hosting data in Europe. And 2 alternatives are available to bypass this behaviour :
- POSTing your Datapointss using
save: falsein the payload AND customizing the InfluxData Cloud Storage so that you can have a different data location external to t6 - Installing your own t6 wherever you wants using this Github repository
t6 Technical Api Documentation. Please refers to CONTRIBUTING.md in case you would like to help :-)
- Installing t6
- Internal errors
- Repository structure
- Six main Resources
- Other Resources
- Datapoints
- Users
- UIs 💥 not detailed
- Mqtt Topic 💥 not detailed
- Referentials
- Technical Api Documentation 🔗
- TWA Application Screenshots
- t6 Security policy
- Advanced t6 concepts