You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Has Grafana been tested to assure it defends against common security issues? Specifically for v3.0.4, are the following common security exploits closed?
Does Grafana validate all cookies? Are all session cookies validated before granting access? Are different cookies used pre and post authentication?
Does Grafana defend against clickjacking? Can it be loaded in another application’s iframe?
Does Grafana disable auto-complete for the login screen?
Does Grafana defend against Cross-site scripting?
Does Grafana defend against Script injection?
The text was updated successfully, but these errors were encountered:
The answers to these questions get quite varied. This is something we are starting to pay more attention to. We are also in the beginning processes of doing ongoing third party testing.
For customers with support subscriptions for Grafana, we do provide additional assurances, and are sharing the results of some of the aformentioned third party testing, etc.
However, for purposes if this Github issue, no, Grafana makes no assurances and provides no warranties.
Has Grafana been tested to assure it defends against common security issues? Specifically for v3.0.4, are the following common security exploits closed?
The text was updated successfully, but these errors were encountered: