Security
This guide covers security considerations for OSGEO-Inject.
Design Principles
- Minimal Surface Area: Only serve static files
- Defense in Depth: Multiple security layers
- Least Privilege: Restrict access to whitelisted origins
- Fail Secure: Default to denying access
Security Layers
HTTPS Only
All traffic must use HTTPS:
CORS Whitelist
Only approved domains can load resources:
map $http_origin $cors_origin {
default ""; # Deny by default
"~^https?://.*\.osgeo\.org$" $http_origin;
}
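The `map` block above only computes the `$cors_origin` variable; nginx still needs an `add_header Access-Control-Allow-Origin $cors_origin;` line in the server or location block for the decision to reach the browser. To make the whitelist decision itself visible, here is an added JavaScript model of the map (example code, not part of OSGEO-Inject or its nginx config). It applies the page's regular expression exactly as written, with the same default-deny fallthrough, to a set of constructed Origin values, and beside it a stricter pattern (an assumption, offered as a comparison) that admits only https origins and the bare `osgeo.org` apex. Running it shows that the page's pattern admits plain-http origins, which is at odds with the HTTPS-only layer above, and does not admit `https://osgeo.org` itself, because the pattern requires a dot before `osgeo`.

```javascript
// Added example (not OSGEO-Inject code): a JavaScript model of the nginx
// `map $http_origin $cors_origin` block. nginx `~` is a case-sensitive PCRE
// match; an origin that matches no entry falls through to `default ""` (deny).

// The pattern exactly as written in the nginx map on this page.
const PAGE_PATTERN = /^https?:\/\/.*\.osgeo\.org$/;

// Tightened variant (assumption, not the project's configuration):
// https only, host labels limited to DNS characters, apex domain allowed.
const STRICT_PATTERN = /^https:\/\/([a-z0-9-]+\.)*osgeo\.org$/;

// Value nginx would assign to $cors_origin: the origin itself when it matches,
// otherwise "" (deny). A missing Origin header is "" as well.
function corsOriginFor(origin, pattern = PAGE_PATTERN) {
  if (typeof origin !== "string" || origin.length === 0) return "";
  return pattern.test(origin) ? origin : "";
}

// Constructed sample Origin header values (not captured traffic).
const SAMPLE_ORIGINS = [
  "https://www.osgeo.org",        // subdomain over https
  "http://wiki.osgeo.org",        // subdomain over plain http
  "https://osgeo.org",            // apex domain
  "https://www.osgeo.org:8443",   // non-default port
  "https://osgeo.org.example.net", // osgeo.org as a prefix of another host
  "https://evil-osgeo.org",       // similar-looking host
  "",                             // no Origin header
];

// Evaluate every sample under a pattern; returns { origin: allowed }.
function evaluate(pattern = PAGE_PATTERN) {
  const verdicts = {};
  for (const origin of SAMPLE_ORIGINS) {
    verdicts[origin] = corsOriginFor(origin, pattern) !== "";
  }
  return verdicts;
}

console.log(JSON.stringify({ page: evaluate(PAGE_PATTERN), strict: evaluate(STRICT_PATTERN) }, null, 2));
```

Each verdict line reads as "would nginx echo this origin back in `Access-Control-Allow-Origin`?". Whichever pattern is chosen, the `default ""` entry is what implements the Fail Secure principle: an origin that matches nothing gets an empty header value rather than a wildcard.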
Content Security Policy
Content-Security-Policy: default-src 'self';
script-src 'self';
style-src 'self' 'unsafe-inline';
img-src 'self' data:;
connect-src 'self'
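To show how this policy is applied, here is an added JavaScript evaluator (example code, not from the project). It is a simplified model of CSP source matching, limited to the source expressions the page uses (`'self'`, `'unsafe-inline'`, `'none'`, scheme sources such as `data:`) plus host sources written as full origins; wildcards, nonces and hashes are not modelled. The two rules it makes visible are that a fetch type with no directive of its own (fonts, frames) falls back to `default-src`, and that the `'unsafe-inline'` granted to `style-src` never reaches scripts.

```javascript
// Added example (not OSGEO-Inject code): a minimal evaluator for the
// Content-Security-Policy shown on this page. Simplified model of CSP
// source matching; see the lead-in for what is and is not covered.

const PAGE_POLICY =
  "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; " +
  "img-src 'self' data:; connect-src 'self'";

// "name src src; name src" -> { name: ["src", ...] }
function parsePolicy(policy) {
  const directives = {};
  for (const chunk of policy.split(";")) {
    const [name, ...sources] = chunk.trim().split(/\s+/).filter(Boolean);
    if (name) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// Fetch type -> governing directive; a missing directive uses default-src.
const DIRECTIVE_FOR = {
  script: "script-src", style: "style-src", img: "img-src",
  connect: "connect-src", font: "font-src", frame: "frame-src",
};

function effectiveSources(directives, fetchType) {
  return directives[DIRECTIVE_FOR[fetchType]] || directives["default-src"] || null;
}

// A load is either { inline: true } or { url: "https://host/path" | "data:..." }.
function sourceMatches(source, load, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'unsafe-inline'") return load.inline === true;
  if (load.inline) return false;                    // every other source needs a URL
  const url = new URL(load.url);
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.endsWith(":")) return url.protocol === source; // scheme source, e.g. data:
  return source === url.origin;                     // host source written as an origin
}

// Is this load permitted by the policy for a page served from pageOrigin?
function isAllowed(policy, fetchType, load, pageOrigin) {
  const sources = effectiveSources(parsePolicy(policy), fetchType);
  if (sources === null) return true;                // no directive at all: unrestricted
  return sources.some((source) => sourceMatches(source, load, pageOrigin));
}

// Constructed loads against the page policy for a page on https://www.osgeo.org.
const ORIGIN = "https://www.osgeo.org";
const CASES = [
  ["script", { url: `${ORIGIN}/osgeo-inject.js` }],
  ["script", { url: "https://cdn.example.net/lib.js" }],
  ["script", { inline: true }],
  ["style", { inline: true }],
  ["img", { url: "data:image/png;base64,iVBORw0KGgo=" }],
  ["script", { url: "data:text/javascript,0" }],
  ["font", { url: "https://fonts.example.net/a.woff2" }],
];
for (const [type, load] of CASES) {
  console.log(type, JSON.stringify(load), isAllowed(PAGE_POLICY, type, load, ORIGIN) ? "allowed" : "blocked");
}
```

The `style-src 'self' 'unsafe-inline'` entry is the one deliberate relaxation in the policy: it is what lets the injected widget carry inline styles, and it is also the directive to revisit first if a stricter policy is ever wanted, because it has no effect on script execution either way.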
Rate Limiting
Prevent abuse:
limit_req_zone $binary_remote_addr zone=general:10m rate=10r/s;
limit_req zone=general burst=20 nodelay;
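What `rate=10r/s` together with `burst=20 nodelay` actually admits is easier to see by replaying a request schedule through a model of the limiter. The JavaScript below is an added example, not project code and not a port of nginx's module; it is a simplified leaky-bucket model, stated here as an assumption: each client key keeps an "excess" counter in request units that drains at `rate` per second, every request adds one, a request is rejected (503) when the excess would exceed `burst` above the steady rate, and rejected requests do not change the stored state. Without `nodelay` an admitted excess request is held back so the bucket drains at `rate`; with `nodelay` it is served at once but still counts against the burst.

```javascript
// Added example (not OSGEO-Inject code): simplified simulation of the
// `limit_req` zone configured on this page. The model is an assumption,
// described in the lead-in, not a line-for-line port of nginx.

class LimitReqZone {
  constructor({ rate, burst, nodelay }) {
    this.rate = rate;          // requests per second
    this.burst = burst;        // extra requests tolerated above the rate
    this.nodelay = nodelay;    // serve burst requests immediately (true) or pace them
    this.clients = new Map();  // key -> { excess, last } like the $binary_remote_addr zone
  }

  // Decide one request from `key` arriving at `nowMs`. Returns { status, delayMs }.
  request(key, nowMs) {
    const state = this.clients.get(key) || { excess: 0, last: nowMs };
    const elapsedSec = Math.max(0, nowMs - state.last) / 1000;
    const excess = Math.max(0, state.excess - this.rate * elapsedSec) + 1;
    if (excess > this.burst + 1) {
      return { status: 503, delayMs: 0 };   // bucket full: reject, keep stored state
    }
    this.clients.set(key, { excess, last: nowMs });
    const delayMs = this.nodelay ? 0 : Math.round(((excess - 1) / this.rate) * 1000);
    return { status: 200, delayMs };
  }
}

// Replay a constructed arrival schedule (ms offsets) for one client and
// summarise the outcome. The client address is a documentation-range value.
function simulate(config, arrivalsMs, key = "203.0.113.10") {
  const zone = new LimitReqZone(config);
  const summary = { accepted: 0, rejected: 0, maxDelayMs: 0 };
  for (const t of arrivalsMs) {
    const r = zone.request(key, t);
    if (r.status === 200) {
      summary.accepted += 1;
      summary.maxDelayMs = Math.max(summary.maxDelayMs, r.delayMs);
    } else {
      summary.rejected += 1;
    }
  }
  return summary;
}

const PAGE_CONFIG = { rate: 10, burst: 20, nodelay: true };
const FLOOD = Array.from({ length: 25 }, () => 0);          // 25 requests in one instant
const STEADY = Array.from({ length: 50 }, (_, i) => i * 100); // one request every 100 ms

console.log("flood, nodelay:   ", simulate(PAGE_CONFIG, FLOOD));
console.log("flood, no nodelay:", simulate({ ...PAGE_CONFIG, nodelay: false }, FLOOD));
console.log("steady 10 r/s:    ", simulate(PAGE_CONFIG, STEADY));
```

Under this model a client that fires 25 requests at once gets 21 served and 4 refused, a client that stays at exactly 10 r/s is never refused, and dropping `nodelay` would keep the same accept/reject split but spread the burst over two seconds. The per-client state is keyed the same way the zone is, by remote address, so the limit is per source, not global.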
Input Sanitization
The JavaScript sanitizes all user-controlled content:
function escapeHtml(str) {
const div = document.createElement("div");
div.textContent = str;
return div.innerHTML;
}
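The `textContent` then `innerHTML` round trip is correct for what it targets, element text content: the browser's serializer turns `&`, `<` and `>` (and U+00A0) into entities there. It does not escape `"` or `'`, because a text node has no need for that, so the same output must not be placed inside an attribute value. The added example below, JavaScript that is not part of OSGEO-Inject, makes that visible outside a browser: `serializeAsTextNode` reimplements the text-node serialization rule (an assumption standing in for the DOM call, since Node.js has no `document`), `escapeHtmlAttr` adds the quote escaping an attribute context needs, and the small renderer shows a value surviving intact in one context and being cut short in the other.

```javascript
// Added example (not OSGEO-Inject code): what the page's DOM-based
// escapeHtml() yields, and why it is only safe for element text content.

// Mirrors the HTML serialization rule for text nodes (assumption standing in
// for document.createElement + textContent + innerHTML): escapes &, nbsp, <, >
// and nothing else.
function serializeAsTextNode(str) {
  return String(str)
    .replace(/&/g, "&amp;")
    .replace(/\u00a0/g, "&nbsp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

// Escapes for any HTML context: element text or a quoted attribute value.
function escapeHtmlAttr(str) {
  return String(str)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Places the same user value in an attribute and in element text, using the
// given escaper for both, the way a template might.
function renderTitleAndBody(userValue, escape) {
  return `<p title="${escape(userValue)}">${escape(userValue)}</p>`;
}

// Reads the title attribute back the way a parser would: up to the next
// unescaped double quote, then entity-decoded. Returns null if absent.
function extractTitle(html) {
  const match = /title="([^"]*)"/.exec(html);
  if (!match) return null;
  return match[1]
    .replace(/&quot;/g, '"')
    .replace(/&#39;/g, "'")
    .replace(/&lt;/g, "<")
    .replace(/&gt;/g, ">")
    .replace(/&amp;/g, "&");
}

// Constructed sample value containing the characters that matter.
const SAMPLE = 'say "hi" & <b>';
console.log("text-node escaping :", renderTitleAndBody(SAMPLE, serializeAsTextNode));
console.log("  title read back  :", JSON.stringify(extractTitle(renderTitleAndBody(SAMPLE, serializeAsTextNode))));
console.log("attribute escaping :", renderTitleAndBody(SAMPLE, escapeHtmlAttr));
console.log("  title read back  :", JSON.stringify(extractTitle(renderTitleAndBody(SAMPLE, escapeHtmlAttr))));
```

With the text-node rule the title attribute ends at the first quote of the user value and the rest of the value lands outside it; with the attribute-safe escaper the value reads back whole. When in doubt, set `textContent` or use `setAttribute` on a real element instead of building markup strings, and neither escaper is needed.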
Secrets Management
- Never commit secrets to git
- Use environment variables for sensitive config
- Rotate credentials regularly
Security Checklist
- HTTPS enabled with valid certificate
- Security headers configured
- CORS whitelist current
- Rate limiting enabled
- Logs monitored
- Backups encrypted
- Dependencies updated
Vulnerability Reporting
Report security issues to: tim@kartoza.com
Please include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
We aim to respond within 48 hours.