We take security very seriously. We welcome any peer review of our 100% open source code to ensure that the information submitted through this platform, or through others that rely upon it, is not compromised or hacked.

Where should I report security issues?

To give the community time to respond and upgrade, we strongly urge you to report all security issues privately. Please email [email protected] and/or [email protected] with details and reproduction steps. Security issues always take precedence over bug fixes and feature work. We can and do mark releases as "urgent" if they contain serious security fixes.
For a list of recent security commits, check our GitHub commits prefixed with SECURITY.

Password Storage

This application relies upon Django's use of the PBKDF2 algorithm to hash salted passwords. This algorithm is recommended by NIST. Security experts on the web tend to agree that PBKDF2 is a secure choice.
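The sketch below is an added example, not code from this project or from Django: it uses only the Python standard library to build and check strings in Django's `pbkdf2_sha256$<iterations>$<salt>$<base64 hash>` layout, and to flag stored hashes whose iteration count is below a floor. The function names and the `MIN_ITERATIONS` value are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
MIN_ITERATIONS = 600_000  # assumed policy floor for this example, not a project setting


def encode(password, salt, iterations):
    """Return algorithm$iterations$salt$base64(PBKDF2-HMAC-SHA256 output)."""
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    digest = base64.b64encode(dk).decode("ascii")
    return "%s$%d$%s$%s" % (ALGORITHM, iterations, salt, digest)


def parse(encoded):
    """Split a stored value into (iterations, salt, digest); reject other formats."""
    parts = encoded.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        raise ValueError("not a pbkdf2_sha256 encoded password")
    return int(parts[1]), parts[2], parts[3]


def verify(password, encoded):
    """Recompute with the stored salt and iterations, then compare in constant time."""
    iterations, salt, _ = parse(encoded)
    candidate = encode(password, salt, iterations)
    return hmac.compare_digest(candidate.encode(), encoded.encode())


def needs_rehash(encoded, minimum=MIN_ITERATIONS):
    """True when the stored hash uses fewer iterations than the current floor."""
    iterations, _, _ = parse(encoded)
    return iterations < minimum


if __name__ == "__main__":
    # Constructed sample: random salt, deliberately low iteration count.
    stored = encode("correct horse", secrets.token_hex(16), 1000)
    print(stored)
    print("verify ok:", verify("correct horse", stored))
    print("verify wrong:", verify("wrong", stored))
    print("needs rehash:", needs_rehash(stored))
```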

Security in Django

For more information on the security features within this application, please see Security in Django, which includes information on:
    Cross site scripting (XSS) protection
    Cross site request forgery (CSRF) protection
    SQL injection protection
    Clickjacking protection
    Host header validation
    Session security
    User-uploaded content
    Additional security topics
