Security
Since the goal of the app is to access, collect, and share data, there are a lot of possible security risks. In the following, the main vulnerabilities are explained. Make sure to use the app only in a safe environment.
- If you use the
frontendand/orapi, and open the ports for external access, everyone can execute code on your system (if authentication is not enabled). - If you have configured a
mothership, everyone with access to the mothership can execute code on your system. - If you use dynamic variables, especially in combination with
processors.general.user_logic, make sure that the data does not contain malicious content. - If you use
third-party modules, make sure they act as intended by checking the source code.
You, as the user, are solely responsible for the operation and execution of Collectu and all its modules. This includes ensuring proper configuration, compliance with any applicable regulations, and the secure management of data processed through the application. Please note that improper use or misconfiguration may result in unintended consequences, for which Collectu and its developers cannot be held liable.
If you have any questions or concerns about setup or usage, we strongly recommend consulting our documentation or reaching out to our support team for assistance.
Collectu takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations.
If you believe you have found a security vulnerability in any Collectu-owned repository, please report it to us as described below.
Reporting Security Issues
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them to the Security Team at security@collectu.de.
You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
Collectu follows the principle of Coordinated Vulnerability Disclosure.
Introduction
Introduction