| Version | Supported |
|---|---|
| 0.1.x | ✅ |
WebShell gives direct shell access to the host it runs on, with the privileges of the user the service process runs as. Anyone who can reach the service can run arbitrary commands on that host. Use it with caution and only in controlled environments, and be aware of the following security considerations:
### Isolation
- Run in a Docker container with a minimal privilege set: a non-root user, all capabilities dropped, a read-only root filesystem, and never `--privileged`
- Use network isolation (private networks, VPNs); the service should be reachable only by the reverse proxy or by trusted clients
- Never expose it directly to the internet: without authentication, reachability is the same as shell access
### Authentication (Not Implemented)
- The current version has NO authentication: every request that reaches the service is accepted
- Put a reverse proxy with authentication in front of it (nginx, Traefik, etc.) and make sure the WebShell port itself is not reachable except through the proxy
- User authentication may be implemented in a future version
### Authorization (Not Implemented)
- No access control in the current version: every client that gets through the proxy receives the same shell, running as the service's own user
- Limit who can reach the service at the network level (firewall rules, proxy IP allowlists, VPN membership)
- RBAC may be implemented in a future version
### Resource Limits
- Set MAX_TERMINALS to a reasonable value so a single client cannot open an unbounded number of PTYs
- Configure IDLE_TIMEOUT so abandoned sessions are reaped instead of being kept alive indefinitely
- Apply container resource limits (CPU, memory, and a PID limit, which also blunts fork bombs started from a session)
### Monitoring
- Enable logging (RUST_LOG=info, or RUST_LOG=debug while troubleshooting) and ship the logs off the host, so a compromised host cannot erase its own trail
- Monitor terminal sessions: who connected, from where, and for how long
- Track resource usage (CPU, memory, process count) per container
- Set up alerts for suspicious activity, such as connections from unexpected addresses or many sessions opened in a short time
### Best Practices
- Use HTTPS in production; terminate TLS at the reverse proxy so credentials and terminal traffic never cross the network in plaintext
- Keep dependencies updated and review security advisories for them
- Run as a non-root user whenever possible; a shell session inherits exactly the privileges of the service process
- Implement rate limiting at the proxy, since the service has none of its own
- Perform regular security audits
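The controls from the Isolation, Authentication, Authorization, Resource Limits and Best Practices sections above, combined into one deployment, as an added example that is not a file from the WebShell project itself. It assumes that the image is built from the repository's Dockerfile and listens on port 8080 inside the container, that the terminal is carried over a WebSocket (hence the Upgrade headers), and that a certificate pair under `./certs`, an `htpasswd` file and the `10.0.0.0/8` allowlist exist; all of those are placeholders to adjust. The inline `configs: content:` form needs Docker Compose 2.23.1 or newer; with older versions, mount the nginx config from a file instead.

```yaml
# docker-compose.yml (added example; not a file from the WebShell project)
# Assumed: the image is built from the repo's Dockerfile, the app listens on
# 8080 in the container, the terminal is carried over a WebSocket, and the
# paths ./certs and ./htpasswd exist. Adjust all of these for your setup.
services:
  webshell:
    build: .
    image: webshell:local              # assumed image name
    user: "10001:10001"                # unprivileged UID; every shell inherits it
    read_only: true                    # immutable root filesystem
    tmpfs:
      - /tmp:rw,noexec,nosuid,size=64m
    cap_drop:
      - ALL                            # no Linux capabilities at all
    security_opt:
      - no-new-privileges:true         # setuid binaries cannot regain privileges
    pids_limit: 256                    # limits fork bombs started from a session
    mem_limit: 512m
    cpus: "1.0"
    environment:
      MAX_TERMINALS: "4"               # cap concurrent sessions
      IDLE_TIMEOUT: "600"              # reap abandoned sessions (unit per project docs)
      RUST_LOG: "info"                 # logging on, as recommended above
    networks:
      - internal                       # reachable only by the proxy
    # no "ports:" entry on purpose: nothing outside the compose network can reach it

  proxy:
    image: nginx:1.27-alpine
    ports:
      - "443:443"                      # the only published port, TLS only
    volumes:
      - ./certs:/etc/nginx/certs:ro    # server.crt and server.key (hypothetical)
      - ./htpasswd:/etc/nginx/htpasswd:ro   # created with: htpasswd -B -c htpasswd admin
    configs:
      - source: nginx_conf
        target: /etc/nginx/conf.d/default.conf
    networks:
      - internal
      - edge
    depends_on:
      - webshell

networks:
  internal:
    internal: true                     # no route out of this network
  edge: {}                             # only the proxy sits on a routable network

configs:
  nginx_conf:
    # Inline config needs Docker Compose 2.23.1+; on older versions mount a file instead.
    content: |
      # conf.d files are included inside nginx's http block, so http-level
      # directives such as limit_req_zone and map are valid here.
      limit_req_zone $binary_remote_addr zone=webshell:10m rate=10r/s;
      map $http_upgrade $connection_upgrade {
          default upgrade;
          ''      close;
      }
      server {
          listen 443 ssl;
          server_name _;
          ssl_certificate     /etc/nginx/certs/server.crt;
          ssl_certificate_key /etc/nginx/certs/server.key;
          ssl_protocols TLSv1.2 TLSv1.3;

          # Authorization, network-level only: hypothetical admin VPN range
          allow 10.0.0.0/8;
          deny  all;

          # Authentication in front of the app, which has none of its own
          auth_basic           "WebShell";
          auth_basic_user_file /etc/nginx/htpasswd;

          # Rate limiting, which the app also lacks
          limit_req zone=webshell burst=20 nodelay;

          location / {
              proxy_pass http://webshell:8080;
              proxy_http_version 1.1;
              proxy_set_header Upgrade    $http_upgrade;
              proxy_set_header Connection $connection_upgrade;
              proxy_set_header Host       $host;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_read_timeout 3600s;  # keep long-lived terminal sockets open
          }
      }
```

The point of the two networks is that `webshell` is attached only to the `internal` network, which has no route to the outside world, while `proxy` is the sole service that also sits on the routable `edge` network and publishes a port. Basic auth over TLS is the minimum; a proxy that can enforce an OIDC or mTLS login is a better fit where one is available.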
If you discover a security vulnerability, please:
- DO NOT open a public issue
- Email details to: [your-security-email@example.com]
- Include:
  - Description of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
We will respond within 48 hours and work with you to address the issue.
Known limitations of the current version:
- No built-in authentication or authorization
- No rate limiting
- No input sanitization beyond the PTY layer: whatever the client sends is written to the terminal as-is
- Sessions persist after disconnection (by design, to allow reconnection); with no authentication, nothing ties a persisted session to the client that created it
- Command history is not sanitized in logs: commands typed into a session, including any secrets passed on a command line, may appear in log output, so protect the logs accordingly
Planned security improvements:
- User authentication (JWT, OAuth, etc.)
- Role-based access control
- Rate limiting
- Audit logging
- Command whitelisting/blacklisting options
- Session recording with security review tools
- Network policy enforcement
- Enhanced input validation