Currently, this is the initial release of the HEX Open Data Portal Tools subproject. We support the following versions:

| Version | Supported |
|---|---|
| 1.0.x | ✅ |
| < 1.0 | ❌ |

| Feature | Status |
|---|---|
| Firebase Authentication | ✅ |
| Firebase Storage | ✅ |
| Firebase Realtime Database | ✅ |
| CSV Data Processing | ✅ |
| AI Assistant (Uncle HEX) | ✅ |
| AI Assistant (Personal Admin Assistant) | ✅ |
| reCAPTCHA v2 Checkbox | ✅ |

We take the security of HEX Open Data Portal Tools seriously. If you believe you have found a security vulnerability, please report it to us following these steps:
- Do not disclose the vulnerability publicly until it has been addressed by our team
- Visit our Website Security Report page at uhspace.org/security-report
- Include the following information:
  - Description of the vulnerability
  - Steps to reproduce the issue
  - Affected versions
  - Any potential mitigations you've identified

You can expect the following from us:
- Acknowledgment of your report within 48 hours
- Regular updates on our progress addressing the vulnerability
- Credit for responsibly disclosing the issue (if desired)

Our project implements several security measures:
- Environment variables for sensitive configurations
- Firebase security rules for data access
- Input validation for file uploads
- Secure file handling practices
- Regular dependency updates
- reCAPTCHA v2 Checkbox integration:
  - Implemented on login forms
  - Protected API endpoints
  - Bot detection and prevention
  - User verification before sensitive actions

For security concerns, please contact:
- Primary Contact: Email uhspacehub@gmail.com

- SSL/TLS Configuration:
  - SSL/TLS configured for uhspace.org using Let's Encrypt certificates
  - AWS Certificate Manager handles SSL for uhspace.org
  - Automatic certificate renewal and management
- Nginx as a Reverse Proxy:
  - HTTPS traffic handling
  - HTTP to HTTPS redirection
  - Secure backend request forwarding
- Load Balancer:
  - Elastic Load Balancer (ELB) with SSL certification
  - Automatic traffic distribution
  - Enhanced availability and fault tolerance
- API Access:
  - Secure routing through uhspace.org/api
  - Clear frontend/backend separation
  - Protected API endpoints
  - reCAPTCHA verification for sensitive operations
- AWS Infrastructure:
  - Hosted on AWS EC2 instance
  - Docker containerization for isolation
  - Enhanced deployment efficiency
  - Version control management
- Domain Security:
  - Full support for both uhspace.org
  - DNS configuration for both root and subdomain
  - SEO-friendly setup preventing content duplication
- Anti-Bot Protection:
  - reCAPTCHA v2 Checkbox implementation
  - Protection against automated attacks
  - Human verification for critical actions
- Rate limiting for API requests
- Enhanced security headers
- Advanced input validation
- Cross-site scripting (XSS) protection
- Data injection prevention
- Regular security audits
- Automated vulnerability scanning
- Advanced bot detection systems
- Machine learning-based threat detection
This document was last updated: November 10, 2024