SecurityPragmatic security.
Pragmatic security.
Boring is the goal.
This page describes our security posture at a high level. If you believe you have found a security issue, please report it responsibly.
Secure-by-default headers
We ship common web security headers and a conservative indexing posture for sensitive routes.
Auth with clear boundaries
The site includes authenticated flows and role concepts, with a bias toward least privilege and explicit access control.
Input validation and rate limits
Public form inputs are validated and basic rate limits are enforced to reduce abuse and noise.
Operational discipline
We prioritize deploy safety, observability, and documentation so changes can be made calmly and predictably.
Responsible Disclosure
How to report issues
Email contact@hasher.sh with:
- Steps to reproduce
- Impact assessment (what could happen)
- Any logs or screenshots that help (redact sensitive data)
We will acknowledge reports as soon as practical and prioritize fixes based on severity and exploitability.