Midaz Security
Midaz’s security model leverages Casdoor and Casbin for identity management and authorization.
Identity Management with Casdoor
Casdoor enables:
- Centralized user management for registration, authentication, and profiles.
- Third-party integrations with providers like Google and Facebook.
- Customizable workflows for tailored login and registration.
Authorization with Casbin
Casbin enables:
- Role-Based Access Control (RBAC): Permissions are assigned based on roles.
- Custom models such as ACLs for specific needs.
Together, Casdoor and Casbin ensure a secure, scalable foundation for diverse applications.
Recommendations for Secure Deployments
To maximize security, follow these best practices:
1. Secure Configuration Management
- Avoid hardcoding sensitive data.
- Use tools like HashiCorp Vault for managing secrets.
2. Regular Updates
- Keep Midaz and its dependencies updated to address new vulnerabilities.
3. Monitor Authorization Policies
- Regularly audit Casbin configurations to ensure alignment with current security requirements.
4. Follow Setup Guidelines
- Refer to the official documentation for secure installation and configuration steps.
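For recommendation 3, the periodic audit can be scripted. The following Go program is an added example, not code from Midaz or Casbin: it scans a policy in Casbin's CSV format for wildcard permissions and for users granted a role that has no rules. The role, resource and user names are constructed, and it assumes flat RBAC lines of the form "p, role, obj, act" and "g, user, role".

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample in Casbin's CSV policy format; all names are hypothetical.
const samplePolicy = `
p, admin, *, *
p, auditor, ledger, get
g, alice, admin
g, bob, auditor
g, carol, developer
`

// AuditPolicy flags wildcard permissions and grants of roles that carry no
// rules. Assumes flat RBAC lines: "p, role, obj, act" and "g, user, role".
func AuditPolicy(csv string) []string {
	hasRules, findings, grants := map[string]bool{}, []string{}, [][]string{}
	for _, line := range strings.Split(csv, "\n") {
		f := strings.Split(line, ",")
		for i := range f {
			f[i] = strings.TrimSpace(f[i])
		}
		switch {
		case f[0] == "" || strings.HasPrefix(f[0], "#"): // blank or comment
		case f[0] == "p" && len(f) >= 4:
			hasRules[f[1]] = true
			if f[2] == "*" || f[3] == "*" {
				findings = append(findings, "wildcard permission for role "+f[1])
			}
		case f[0] == "g" && len(f) >= 3:
			grants = append(grants, f)
		default:
			findings = append(findings, "unparsed line: "+strings.TrimSpace(line))
		}
	}
	for _, g := range grants { // checked last so rule order in the file does not matter
		if !hasRules[g[2]] {
			findings = append(findings, "user "+g[1]+" granted role "+g[2]+" with no rules")
		}
	}
	sort.Strings(findings)
	return findings
}

func main() { fmt.Println(strings.Join(AuditPolicy(samplePolicy), "\n")) }
```

Running the check on every policy change and treating any finding as a review item keeps the policy aligned with the intended roles.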
Responsible Disclosure Policy
We encourage responsible disclosure of vulnerabilities:
- Contact: Email us at [email protected].
- Acknowledgment: Receive a response within 24 hours.
- Verification: Our team validates the report.
- Impact Assessment: Determine severity and impact.
- Resolution: Fix the issue and notify the reporter.
- Public Disclosure: Coordinate disclosure with the researcher.
Attention
Use our PGP Key for secure communications. We strive to address all reports swiftly and confidentially.