This is an automated email from the ASF dual-hosted git repository. linkinstar pushed a commit to branch docs/security-model in repository https://gitbox.apache.org/repos/asf/answer-website.git
commit fc80657ee8b81ba58eab2cd3908834b93c2c8bac Author: LinkinStars <[email protected]> AuthorDate: Fri Feb 14 11:40:36 2025 +0800 docs(docusaurus): add security model documentation --- community/security-model.md | 29 +++++++++++++++++++++++++++++ docusaurus.config.js | 4 ++++ static/img/community/captcha.png | Bin 0 -> 36356 bytes 3 files changed, 33 insertions(+) diff --git a/community/security-model.md b/community/security-model.md new file mode 100644 index 000000000..0147f7012 --- /dev/null +++ b/community/security-model.md @@ -0,0 +1,29 @@ +--- +slug: /security-model +--- + +# Apache Answer Security Model + +This document outlines the security model of Apache Answer. It aims to help users understand the security model and make informed decisions about deploying and managing Apache Answer securely. + +## Admin Permission Security + +**Admin users have full system permissions**, which includes access to potentially vulnerable operations. While we assume administrators won't attack their own websites, it's crucial to exercise caution when assigning admin privileges. + +So, if a security issue comes up in the administrator page, this is usually not considered a problem. Because the administrator has the authority to do so. Unless a normal user can overstep his authority to operate outside of his capabilities. + +## Captcha + +CAPTCHA is an essential security measure to prevent automated attacks and abuse. Apache Answer will not be responsible for security issues arising from disabled CAPTCHA protection. For example, if the user disables the CAPTCHA, it may allow an attacker to crack the user's password by brute force. + + + +## Custom Plugin Security + +Apache Answer only guarantees the security of official plugins distributed through our [official repository](https://github.com/apache/answer-plugins). We take no responsibility for security issues arising from third-party plugins. + +:::caution + +If you find a security bug, with that in mind, please do not file public issues. You can follow the instructions in the [security policy](https://github.com/apache/answer/security/policy) to report it privately. We will fix it as soon as possible. + +::: \ No newline at end of file diff --git a/docusaurus.config.js b/docusaurus.config.js index 8655389dd..e26b20547 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -139,6 +139,10 @@ const config = { label: 'Security', to: 'community/security', }, + { + label: 'SecurityModel', + to: 'community/security-model', + }, { label: 'Contributing', to: 'community/contributing', diff --git a/static/img/community/captcha.png b/static/img/community/captcha.png new file mode 100644 index 000000000..7a816adb3 Binary files /dev/null and b/static/img/community/captcha.png differ
