Security Considerations

Input Validation & Sanitization

  1. Markdown Content: Parsed and sanitized
  2. File Uploads: Type and size validation
  3. User Input: XSS prevention
  4. SQL Injection: N/A (file-based storage)

Access Control

  1. Authentication: Required for all admin operations
  2. Authorization: Role-based permissions
  3. CSRF Protection: Signed cookies and tokens
  4. Rate Limiting: Prevent brute force attacks

Security Headers

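// Security middleware (the constant name is illustrative)
const securityHeaders = {
  'X-Frame-Options': 'DENY',                   // forbid framing of any page (clickjacking)
  'X-Content-Type-Options': 'nosniff',         // disable MIME type sniffing
  'X-XSS-Protection': '1; mode=block',         // legacy browser XSS filter, blocking mode
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains', // HTTPS only for one year, subdomains included
};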

File System Security

  1. Path Traversal Prevention: Normalize and validate paths
  2. File Type Restrictions: Whitelist allowed extensions
  3. Metadata Isolation: Separate .metadata.json files
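
One way to combine the path normalization and extension whitelist from the list above, as an added Node.js example that is not the project's own code. The content root, the whitelist contents and both function names are assumptions.

```javascript
// Added example; CONTENT_ROOT, ALLOWED_EXTENSIONS and both function names are hypothetical.
const path = require('path');

const CONTENT_ROOT = path.resolve('/srv/cms/content');        // assumed content directory
const ALLOWED_EXTENSIONS = new Set(['.md', '.png', '.jpg']);  // assumed whitelist

// Returns the absolute path for a user-supplied relative path, or throws.
function resolveContentPath(userPath, root = CONTENT_ROOT) {
  if (typeof userPath !== 'string' || userPath === '') {
    throw new Error('path must be a non-empty string');
  }
  // A NUL byte can truncate the name in lower layers; never accept it.
  if (userPath.includes('\0')) {
    throw new Error('NUL byte in path');
  }
  // Treat backslashes as separators so "..\\.." is also caught on POSIX hosts.
  const unified = userPath.replace(/\\/g, '/');

  // Normalize: resolve() collapses "." and ".." and honours absolute input,
  // so the containment check below sees the path the OS would actually open.
  const resolved = path.resolve(root, unified);

  // Validate: the result must be strictly inside the root.
  const rel = path.relative(root, resolved);
  if (rel === '' || rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error('path escapes content root');
  }
  // Whitelist the extension of the final, normalized name (case-insensitive).
  // ".json" is not listed, so .metadata.json sidecars are not reachable here.
  if (!ALLOWED_EXTENSIONS.has(path.extname(resolved).toLowerCase())) {
    throw new Error('file extension not allowed');
  }
  return resolved;
}

// Non-throwing wrapper for callers that only need a yes/no answer.
function isSafeContentPath(userPath) {
  try {
    resolveContentPath(userPath);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample inputs.
for (const p of ['posts/hello.md', 'posts/../pages/about.md', '../../etc/passwd',
                 '..\\..\\secret.md', 'uploads/shell.php', 'posts/hello.metadata.json']) {
  console.log(p.padEnd(28), isSafeContentPath(p) ? 'accepted' : 'rejected');
}
```

The containment check is lexical: if the content tree can contain symlinks, also compare the `fs.realpathSync` results of the root and the target before opening the file.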