Security Declaration

Last updated: 08/11/2024

Atrium Cloud: Welcome to the security documentation for our website. Below, we outline the various security measures implemented to ensure the safety and integrity of your data and our application.

1. Django Security Settings

We have configured several security settings in Django to protect our application against common vulnerabilities.

  • Enforcing Secure HTTPS Connections
    • SECURE_SSL_REDIRECT: Redirects every plain-HTTP request to HTTPS so that application traffic is encrypted in transit. A redirect cannot protect the very first plaintext request a browser makes; HSTS (Django's SECURE_HSTS_SECONDS) exists to close that gap.
    • SESSION_COOKIE_SECURE: Marks the session cookie Secure, so the browser sends the session ID only over HTTPS and it is never exposed on a plaintext connection.
    • CSRF_COOKIE_SECURE: Marks the CSRF cookie Secure, so the token the browser holds is likewise sent only over HTTPS and cannot be read off a plaintext connection.
  • Securing Headers and Preventing XSS
    • SECURE_BROWSER_XSS_FILTER: Sends the X-XSS-Protection header. Current browsers no longer implement this filter and Django removed the setting in version 4.0, so it adds no protection on its own; the Content Security Policy described below is the effective control against Cross-Site Scripting.
    • SECURE_CONTENT_TYPE_NOSNIFF: Sends X-Content-Type-Options: nosniff, so browsers do not guess a response's MIME type; a file declared as text or an image cannot be reinterpreted and executed as script or stylesheet.
  • Trusted Origins for CSRF Protection
    • CSRF_TRUSTED_ORIGINS: Lists the origins (scheme plus host) whose Origin or Referer header Django accepts on state-changing requests; a request from an origin not on the list fails the CSRF check even if it carries a valid token.
  • Custom Admin URL

    To reduce exposure of the Django admin panel, it is served from a dynamic URL derived from a secret token rather than the conventional /admin/ path, so automated scanners and casual visitors cannot find the login page. This is a hardening measure, not an access control: it cuts login-form noise and credential-stuffing attempts, while the authentication and two-factor controls below remain what actually protects the panel.

  • Google 2FA Authentication

    The Django admin login requires a second factor in addition to the password, using Google Authenticator-compatible time-based one-time codes (TOTP). A leaked or guessed password is therefore not enough on its own to reach the admin panel.

  • Google reCAPTCHA

    Google reCAPTCHA protects public forms from bots and automated abuse. The site key and the secret key are read from environment variables rather than committed to source code, so the secret used to verify reCAPTCHA responses with Google's API is not exposed in the repository.

  • Content Security Policy (CSP)

    Content Security Policy (CSP) headers restrict the origins from which the browser may load scripts, styles, images and other resources on our pages. Even if an attacker manages to inject markup, the browser refuses to fetch or execute script from sources the policy does not allow, which substantially limits XSS and content-injection attacks. A policy is only as strong as its script-src directive: allowing 'unsafe-inline' or broad wildcard hosts gives most of that protection back, so inline scripts should be permitted only via nonces or hashes.

  • Content Sanitization

    Sanitizing input is essential against attacks that smuggle active content into stored or displayed data, above all XSS. We apply two levels of sanitization, strict and normal, to clean user-supplied content before it is stored or rendered, so only safe markup reaches the page. SQL injection is addressed separately: Django's ORM parameterizes queries, so user input never becomes part of the SQL text, and sanitization is not what stands between input and the database.
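
The following is an added example, not Atrium Cloud's own sanitizer, showing what the two levels described above amount to in code: "strict" is read here as escaping every special character so nothing is treated as markup, and "normal" as an allowlist of tags and attributes with everything else removed. The allowlist, the URL scheme list and the sample inputs are this example's own choices; production code would normally use a maintained sanitizer such as nh3, and this standard-library version exists to make the logic visible.

```python
"""Output sanitisation for user-supplied HTML: strict (escape everything) and
normal (tag/attribute allowlist).

Added example for this page, not Atrium Cloud's own code. "Strict" and
"normal" are this example's reading of the two modes the page mentions; the
allowlist below is illustrative.
"""
import html
from html.parser import HTMLParser

ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "code", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}        # no on* handlers, no style
VOID_TAGS = {"br"}                                # never get a closing tag
DROP_WITH_CONTENT = {"script", "style"}          # tag AND its text are removed


def strict_sanitize(text: str) -> str:
    """Strict mode: nothing is treated as markup; every special char escaped."""
    return html.escape(text, quote=True)


def _safe_href(value: str) -> bool:
    """Allowlist URL schemes. javascript:, data:, vbscript: and protocol-relative
    //host URLs are all rejected simply because they are not on the list."""
    v = value.strip().lower()
    if v.startswith(("http://", "https://", "mailto:")):
        return True
    return v.startswith("/") and not v.startswith("//")


class _Allowlist(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []       # allowed tags currently open, for balancing
        self.dropping = None      # name of a script/style tag being skipped

    def handle_starttag(self, tag, attrs):
        if self.dropping:
            return
        if tag in DROP_WITH_CONTENT:
            self.dropping = tag
            return
        if tag not in ALLOWED_TAGS:
            return                # unknown tag removed, its text content kept
        kept = []
        for name, value in attrs:
            if value is None or name not in ALLOWED_ATTRS.get(tag, set()):
                continue          # drops onerror=, onclick=, style=, ...
            if name == "href" and not _safe_href(value):
                continue
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.dropping:
            if tag == self.dropping:
                self.dropping = None
            return
        if tag in self.open_tags:
            # Close anything opened after it too, so output stays well-formed.
            while self.open_tags:
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        if not self.dropping:
            self.out.append(html.escape(data, quote=False))

    def result(self) -> str:
        self.close()              # flush any buffered text
        while self.open_tags:     # close tags the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(fragment: str) -> str:
    """Normal mode: keep allowlisted tags/attributes, drop everything else."""
    parser = _Allowlist()
    parser.feed(fragment)
    return parser.result()


if __name__ == "__main__":
    # Constructed sample inputs, not real user data.
    for sample in ('<p>Hello <b>world</b></p>',
                   '<script>alert(1)</script><p>ok</p>',
                   '<a href="javascript:alert(1)" onclick="x()">link</a>',
                   '<img src=x onerror=alert(1)>text'):
        print(repr(sample), "->", repr(sanitize(sample)))
```

The allowlist direction matters: the parser never has to recognise a dangerous attribute or scheme, only a safe one, so obfuscated payloads fall out by default. Text content is always escaped on output, so a double-encoded payload such as `&lt;script&gt;` is decoded by the parser and re-escaped, and never becomes a tag.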

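The following is an added example, not Atrium Cloud's settings.py: it places hardened values for the Django settings listed in section 1 beside the values a production audit would flag, and encodes the checks as a function so they can be run against any settings dictionary. The setting names are Django's own; the hostnames and values are illustrative, and SECURE_PROXY_SSL_HEADER, HSTS and the extra cookie and referrer settings go beyond what this page lists.

```python
"""Hardened Django security settings beside the values an audit flags.

Added example for this page, not Atrium Cloud's settings.py. The setting
names are Django's own; the hostnames and values are illustrative.
"""

# Django's built-in defaults for the settings we check (what applies when a
# project leaves a setting out of settings.py).
DJANGO_DEFAULTS = {
    "DEBUG": False,
    "ALLOWED_HOSTS": [],
    "SECURE_SSL_REDIRECT": False,
    "SECURE_HSTS_SECONDS": 0,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "SECURE_CONTENT_TYPE_NOSNIFF": True,
    "CSRF_TRUSTED_ORIGINS": [],
}

# How a fresh project often reaches production: debugging on, plaintext
# allowed, any Host header accepted, and a header browsers no longer honour.
INSECURE_SETTINGS = {
    "DEBUG": True,
    "ALLOWED_HOSTS": ["*"],
    "SECURE_SSL_REDIRECT": False,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "SECURE_BROWSER_XSS_FILTER": True,
}

# Hardened values. SECURE_PROXY_SSL_HEADER matters on Heroku and behind
# Cloudflare: TLS terminates at the proxy, so Django only learns the original
# scheme from X-Forwarded-Proto; without it SECURE_SSL_REDIRECT loops forever.
HARDENED_SETTINGS = {
    "DEBUG": False,
    "ALLOWED_HOSTS": ["www.example.com"],          # illustrative hostname
    "SECURE_SSL_REDIRECT": True,
    "SECURE_PROXY_SSL_HEADER": ("HTTP_X_FORWARDED_PROTO", "https"),
    "SECURE_HSTS_SECONDS": 31536000,               # one year
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": True,
    "SESSION_COOKIE_SECURE": True,
    "SESSION_COOKIE_HTTPONLY": True,
    "CSRF_COOKIE_SECURE": True,
    "SECURE_CONTENT_TYPE_NOSNIFF": True,
    "SECURE_REFERRER_POLICY": "same-origin",
    "CSRF_TRUSTED_ORIGINS": ["https://www.example.com"],  # scheme required since Django 4.0
}


def _get(settings: dict, key: str):
    """Read a setting, falling back to Django's default when it is absent."""
    return settings.get(key, DJANGO_DEFAULTS.get(key))


def audit(settings: dict) -> list[str]:
    """Return one finding per failed check; an empty list means all passed."""
    findings = []
    if _get(settings, "DEBUG"):
        findings.append("DEBUG is True: error pages leak settings, SQL and paths")
    for flag in ("SECURE_SSL_REDIRECT", "SESSION_COOKIE_SECURE",
                 "CSRF_COOKIE_SECURE", "SECURE_CONTENT_TYPE_NOSNIFF"):
        if not _get(settings, flag):
            findings.append(f"{flag} is not True")
    if _get(settings, "SECURE_HSTS_SECONDS") <= 0:
        findings.append("SECURE_HSTS_SECONDS is 0: the HTTPS redirect does not "
                        "protect the first plaintext request")
    hosts = _get(settings, "ALLOWED_HOSTS")
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS must list explicit hostnames, not '*' "
                        "(Host header poisoning)")
    for origin in _get(settings, "CSRF_TRUSTED_ORIGINS"):
        if not origin.startswith("https://"):
            findings.append(f"CSRF_TRUSTED_ORIGINS entry {origin!r} must be an "
                            "https:// origin including the scheme")
    if _get(settings, "SECURE_SSL_REDIRECT") and "SECURE_PROXY_SSL_HEADER" not in settings:
        findings.append("SECURE_SSL_REDIRECT behind a TLS-terminating proxy needs "
                        "SECURE_PROXY_SSL_HEADER or every request redirects")
    if "SECURE_BROWSER_XSS_FILTER" in settings:
        findings.append("SECURE_BROWSER_XSS_FILTER does nothing: browsers dropped "
                        "X-XSS-Protection and Django removed the setting in 4.0; "
                        "use a Content Security Policy instead")
    return findings


if __name__ == "__main__":
    for finding in audit(INSECURE_SETTINGS):
        print("-", finding)
    print("hardened:", audit(HARDENED_SETTINGS) or "no findings")
```

Running the audit against the insecure dictionary produces seven findings and against the hardened one none. The proxy-header check is the one most often missed on Heroku and Cloudflare deployments: with SECURE_SSL_REDIRECT on and no SECURE_PROXY_SSL_HEADER, Django sees every request as plaintext and redirects it to itself indefinitely.
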
2. Cloudflare Integration

We use Cloudflare in front of the application for performance and security. Cloudflare provides global caching and asset optimization, TLS termination with HTTPS enforcement, and security features such as its Web Application Firewall (WAF) and DDoS protection. These protections apply to traffic that reaches the site through Cloudflare.

3. SSL and Firewall Protections

  • Heroku TLS: TLS (still commonly called SSL) terminates at Heroku, encrypting data between your browser and our application so that communications cannot be read or altered in transit.
  • Firewalls and access controls: Network and access controls provided by Cloudflare (WAF and firewall rules), Heroku, AWS S3 (bucket policies) and Supabase protect our servers and storage from unauthorized access. Traffic to and between all of these services is encrypted with TLS.

4. Database Security and Caching

  • Database Caching: Caching reduces repeated database queries, improving performance and reducing the risk that a burst of traffic overloads the database.
  • Row-Level Security (RLS): Row-Level Security is enabled on our PostgreSQL databases so that policies in the database itself decide which rows a connection may read or modify, isolating each user's data even if application code has a bug. RLS supports privacy obligations such as GDPR but does not by itself satisfy them, and it is only effective when the application connects as a role that is subject to the policies: table owners and superusers bypass RLS unless FORCE ROW LEVEL SECURITY is set on the table.
  • Rate Limiting: A rate limiter caps how many requests a client may make in a given window, which blunts denial-of-service attempts and other abusive request patterns and keeps resource usage fair across users.
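
The following is an added example, not Atrium Cloud's own limiter. It shows a per-client token bucket, which allows a short burst and then a steady rate, together with the detail that matters most when the application sits behind Cloudflare and Heroku: which address to key on. CF-Connecting-IP is the header Cloudflare really sets; the capacity, rate, addresses and the sample burst are constructed for illustration.

```python
"""Per-client token-bucket rate limiter with a proxy-aware client key.

Added example for this page, not Atrium Cloud's own limiter. CF-Connecting-IP
is the header Cloudflare really sets; the limits, addresses and the sample
burst are constructed for illustration.
"""
import time


class TokenBucket:
    """Each client may burst up to `capacity` requests, then sustain `rate`
    requests per second. Tokens refill continuously since the last request."""

    def __init__(self, capacity: int, rate: float, clock=time.monotonic):
        self.capacity = capacity
        self.rate = rate
        self.clock = clock                  # injectable so tests control time
        self._buckets: dict[str, tuple[float, float]] = {}  # key -> (tokens, last)

    def allow(self, key: str) -> bool:
        now = self.clock()
        tokens, last = self._buckets.get(key, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self._buckets[key] = (tokens - 1.0, now)
            return True
        self._buckets[key] = (tokens, now)  # refused: keep the drained bucket
        return False


def client_key(remote_addr: str, headers: dict, from_trusted_proxy: bool) -> str:
    """Choose the address a request is rate-limited under.

    Behind Cloudflare every connection reaches the origin from a Cloudflare
    edge address, so keying on remote_addr would throttle all users as one.
    The proxy's header is trusted only when the caller has verified that the
    connection really came from the proxy (for example, remote_addr is within
    Cloudflare's published ranges); otherwise a client hitting the origin
    directly could set the header to a fresh value per request and never be
    limited at all.
    """
    if from_trusted_proxy and headers.get("CF-Connecting-IP"):
        return headers["CF-Connecting-IP"].strip()
    return remote_addr


if __name__ == "__main__":
    # Constructed burst: 5 requests in the same instant from one client.
    limiter = TokenBucket(capacity=3, rate=1.0)
    key = client_key("203.0.113.5", {"CF-Connecting-IP": "198.51.100.7"}, True)
    for n in range(5):
        verdict = "allowed" if limiter.allow(key) else "rate limited"
        print(f"request {n + 1} from {key}: {verdict}")
```

With a capacity of 3 and a rate of 1 per second, the first three requests in a burst pass, the fourth and fifth are refused, and one more becomes available each second until the bucket is full again. The same limiter applied to a login form is what turns a credential-stuffing run into a handful of attempts per minute.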

5. Regular Updates

We regularly update the Django framework and its dependencies to patch security vulnerabilities and maintain optimal performance.

These security measures are designed to protect both our application and users, ensuring a secure and reliable web experience. We are committed to maintaining the highest standards of security and will continue to monitor and enhance our system as needed.

6. Contact Us

If you have any questions or concerns about this Site Security Declaration or our data practices, please contact us.
