🔖👤
🔍

سياسة الأمان

1. Overview

At AKM News, we take the security of our systems and your data seriously. This Security Policy outlines the measures we implement to protect our platform and its users.

2. Infrastructure Security

  • HTTPS: all communications between your browser and our servers are encrypted using TLS/SSL.
  • Firewalls: network-level firewalls restrict access to our infrastructure.
  • Containerization: services are isolated using Docker containers to minimize attack surface.
  • Regular updates: system dependencies and Docker images are kept up to date with security patches.

3. Authentication and Access Control

  • Password hashing: all passwords are hashed using bcrypt with appropriate salt rounds.
  • JWT tokens: authentication uses short-lived access tokens (30 minutes) and longer-lived refresh tokens (7 days).
  • HttpOnly cookies: tokens are stored in HttpOnly cookies to prevent XSS-based token theft.
  • Role-based access: administrative functions are restricted to authorized roles only.

4. Application Security

  • Rate limiting: API endpoints are protected against brute-force and DDoS attacks through request rate limiting.
  • Input validation: all user inputs are validated and sanitized on the server side.
  • CORS policy: Cross-Origin Resource Sharing is restricted to authorized domains.
  • Security headers: X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, and Referrer-Policy headers are enforced.
  • CSRF protection: state-changing operations are protected against cross-site request forgery.

5. Data Protection

  • Minimal data collection — we only collect data necessary for the Service to function.
  • Database access is restricted to application services only.
  • Backups are performed regularly and stored securely.
  • No sensitive data (passwords, tokens) is logged.

6. Monitoring

  • Access logs are monitored for suspicious patterns.
  • Failed authentication attempts are tracked and rate-limited.
  • System health is monitored continuously.

7. Vulnerability Reporting

If you discover a security vulnerability, we encourage responsible disclosure. Please report it to: security@akm.news

We kindly ask that you:

  • Do not exploit the vulnerability beyond what is necessary to demonstrate it.
  • Do not access or modify data belonging to other users.
  • Allow us reasonable time to address the issue before public disclosure.

8. Incident Response

In the event of a security incident, we will:

  • Investigate and contain the issue promptly.
  • Notify affected users as required by applicable law.
  • Take steps to prevent recurrence.

Last modified: March 2026

← العودة

نستخدم ملفات تعريف الارتباط لتحسين تجربتك. سياسة الخصوصية