MODUL 12 / SECURITY
Security & operational protection layer
DeviceFix.eu uses a hardened baseline for forms, uploads, storage, admin areas and browser security headers. This page is informational, not a public disclosure of sensitive configuration.
Form protection
CSRF tokens, honeypot support, input cleaning and session-based rate limiting for POST endpoints.
Upload protection
Strict extension allow-list, file size limits, randomized filenames and storage outside public asset folders.
Admin protection
Minimal admin endpoints require token protection until Module 8 introduces a full authentication panel.
Storage protection
Direct access to config, application code and storage directories is denied by server rules.
Operational note: before going public, change
ADMIN_TOKEN, set production email addresses and test all forms after upload.
