This is an automated email from the ASF dual-hosted git repository.

linkinstar pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/answer-website.git

commit 2b5b1d9bf98b7fb4a3e63ce767aad05710790054
Author: LinkinStars <[email protected]>
AuthorDate: Fri Feb 14 11:40:36 2025 +0800

    docs(docusaurus): add security model documentation
---
 community/security-model.md      |  29 +++++++++++++++++++++++++++++
 docusaurus.config.js             |   4 ++++
 static/img/community/captcha.png | Bin 0 -> 36356 bytes
 3 files changed, 33 insertions(+)

diff --git a/community/security-model.md b/community/security-model.md
new file mode 100644
index 000000000..0147f7012
--- /dev/null
+++ b/community/security-model.md
@@ -0,0 +1,29 @@
+---
+slug: /security-model
+---
+
+# Apache Answer Security Model
+
+This document outlines the security model of Apache Answer. It aims to help 
users understand the security model and make informed decisions about deploying 
and managing Apache Answer securely.
+
+## Admin Permission Security
+
+**Admin users have full system permissions**, which includes access to 
potentially vulnerable operations. While we assume administrators won't attack 
their own websites, it's crucial to exercise caution when assigning admin 
privileges.
+
+So, if a security issue comes up in the administrator page, this is usually 
not considered a problem. Because the administrator has the authority to do so. 
Unless a normal user can overstep his authority to operate outside of his 
capabilities.
+
+## Captcha
+
+CAPTCHA is an essential security measure to prevent automated attacks and 
abuse. Apache Answer will not be responsible for security issues arising from 
disabled CAPTCHA protection. For example, if the user disables the CAPTCHA, it 
may allow an attacker to crack the user's password by brute force.
+
+![captcha](/img/community/captcha.png)
+
+## Custom Plugin Security
+
+Apache Answer only guarantees the security of official plugins distributed 
through our [official repository](https://github.com/apache/answer-plugins). We 
take no responsibility for security issues arising from third-party plugins.
+
+:::caution
+
+If you find a security bug, with that in mind, please do not file public 
issues. You can follow the instructions in the [security 
policy](https://github.com/apache/answer/security/policy) to report it 
privately. We will fix it as soon as possible.
+
+:::
\ No newline at end of file
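Review bot: In the Captcha section, "if the user disables the CAPTCHA" uses "user" both for whoever changes the setting and for the account whose password is then attacked; name the role that can change the setting so it is clear whose decision moves the responsibility. In Admin Permission Security, "this is usually not considered a problem. Because the administrator has the authority to do so. Unless a normal user can overstep his authority" is three fragments. A single sentence would state the boundary more clearly: issues that require admin privileges are out of scope, and a normal user acting beyond their permissions is in scope. The `:::caution` block sits under Custom Plugin Security although the reporting instruction applies to the whole page, and "with that in mind" reads as misplaced there; a separate reporting heading would fit better. The file also ends without a trailing newline.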
diff --git a/docusaurus.config.js b/docusaurus.config.js
index c1d91abd1..fde18e866 100644
--- a/docusaurus.config.js
+++ b/docusaurus.config.js
@@ -144,6 +144,10 @@ const config = {
                 label: 'Security',
                 to: 'community/security',
               },
+              {
+                label: 'SecurityModel',
+                to: 'community/security-model',
+              },
               {
                 label: 'Contributing',
                 to: 'community/contributing',
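Review bot: The new footer label 'SecurityModel' is run together, while the neighbouring entries use plain words ('Security', 'Contributing'); 'Security Model' would match the page title "Apache Answer Security Model" added in the same commit. With 'Security' and 'SecurityModel' directly adjacent, a more distinct label would also help readers tell the reporting page from the model page.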
diff --git a/static/img/community/captcha.png b/static/img/community/captcha.png
new file mode 100644
index 000000000..7a816adb3
Binary files /dev/null and b/static/img/community/captcha.png differ
