高层、非敏感说明High-level, non-sensitive statement

安全原则Security principles

We design and operate the internal application according to least-privilege, secure credential handling, encrypted transmission, access control, and incident-response principles.

我们按照最小权限、安全凭证处理、加密传输、访问控制和事件响应原则设计和运行内部应用。

公开网站

  • 网站通过 HTTPS 提供。
  • 公开网站不存储 Amazon API 凭证。
  • 公开网站不执行 Amazon API 调用。
  • Amazon 数据不会在公开网站中处理。

内部应用设计原则

  • 采用最小权限原则和访问控制。
  • 凭证不得硬编码进代码或提交到 Git。
  • 敏感信息不得输出到普通日志。
  • 数据传输仅允许 HTTPS/TLS。
  • 按照事件响应原则处理潜在安全问题。

安全联系

如需报告安全问题,请联系 15260589916@163.com

Public website

  • The website is served over HTTPS.
  • The public website does not store Amazon API credentials.
  • The public website does not make Amazon API calls.
  • Amazon data is not processed on the public website.

Internal application design principles

  • Apply least privilege and access control.
  • Credentials must not be hard-coded or committed to Git.
  • Sensitive information must not be written to ordinary logs.
  • Data transmission is permitted only over HTTPS/TLS.
  • Potential security issues are handled according to incident-response principles.

Security contact

To report a security concern, email 15260589916@163.com.

这些内容是设计和运营原则,不代表已获得任何第三方安全认证或完成 Amazon 安全审计。These are design and operating principles. They do not represent third-party security certification or completion of an Amazon security audit.