公开网站
- 网站通过 HTTPS 提供。
- 公开网站不存储 Amazon API 凭证。
- 公开网站不执行 Amazon API 调用。
- Amazon 数据不会在公开网站中处理。
内部应用设计原则
- 采用最小权限原则和访问控制。
- 凭证不得硬编码进代码或提交到 Git。
- 敏感信息不得输出到普通日志。
- 数据传输仅允许 HTTPS/TLS。
- 按照事件响应原则处理潜在安全问题。
安全联系
如需报告安全问题,请联系 15260589916@163.com。
Public website
- The website is served over HTTPS.
- The public website does not store Amazon API credentials.
- The public website does not make Amazon API calls.
- Amazon data is not processed on the public website.
Internal application design principles
- Apply least privilege and access control.
- Credentials must not be hard-coded or committed to Git.
- Sensitive information must not be written to ordinary logs.
- Data transmission is permitted only over HTTPS/TLS.
- Potential security issues are handled according to incident-response principles.
Security contact
To report a security concern, email 15260589916@163.com.
这些内容是设计和运营原则,不代表已获得任何第三方安全认证或完成 Amazon 安全审计。These are design and operating principles. They do not represent third-party security certification or completion of an Amazon security audit.