Edit online

Security Notes

Password Storage

Content Fusion stores user passwords in a hashed format to prevent them from being stored as plain text. The password hashes are stretched and salted to provide more security against brute-force attacks.

HTTPS

Traffic toward/from Content Fusion is encrypted by default with an automatically generated certificate. The administrator should upload a valid HTTPS certificate for the Content Fusion hostname before exposing the service to users.

Incoming Connections

Content Fusion accepts connections on ports 80 and 443 for serving the Content Fusion Web UI and on port 9080 for serving the Administration Web UI. The machine that hosts Content Fusion should allow incoming connections on port 22 for SSH access.

Outgoing Connections

Content Fusion can connect to external services if it is configured to do so:

Size Limits

Tasks have a configurable size limit (default is 1Gb) and a configurable file limit (default is 32767).

Information Exclusivity

Task owners can choose who has access to Content Fusion tasks. They can specify a list of allowed collaborators on a task or allow anyone with access to the link to collaborate.

OAuth2 Authentication

Content Fusion can be configured to allow users to authenticate using their Google or GitHub accounts. When users choose this authentication method, their accounts will not have a password. Authentication is delegated to either Google or GitHub, respectively.

Internal Connections

Content Fusion is composed of multiple internal services that communicate with each other. This communication is authenticated with passwords generated at installation time.