Contributed by Kalpesh Mehta from Corra
Security TXT file
Last update: November 1, 2024
- Topics:
- Configuration
- Security
CREATED FOR:
- Experienced
- Admin
- Developer
When security researchers discover vulnerabilities, they often find no proper reporting channel, so some vulnerabilities go unreported. The purpose of the security.txt file format is to give security researchers the information they need to report their findings.
Merchants can enter their contact information for security issue reporting from the Commerce Admin. For developers, the Magento_Securitytxt module provides the following functionality:
- Allows security configurations to be saved from the Admin.
- Contains a router to match the application action class for requests to the .well-known/security.txt and .well-known/security.txt.sig files.
- Serves the content of the .well-known/security.txt and .well-known/security.txt.sig files.
A valid security.txt file might look like the following:
Contact: mailto:security@example.com
Contact: tel:+1-201-555-0123
Encryption: https://example.com/pgp.asc
Acknowledgement: https://example.com/security/hall-of-fame
Policy: https://example.com/security-policy.html
Signature: https://example.com/.well-known/security.txt.sig
To create the security.txt signature (security.txt.sig) file:
gpg -u KEYID --output security.txt.sig --armor --detach-sig security.txt
To verify the signature:
gpg --verify security.txt.sig security.txt
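As an added example that is not part of this page or of the Magento_Securitytxt module, the following Python checker parses a security.txt file and validates the fields used in the sample above (it assumes the sample's field names, including its "Acknowledgement" spelling, and the example.com placeholder). It also reports the Expires field, which RFC 9116 requires but the sample omits; verifying the detached signature is left to the gpg command shown above.

```python
from urllib.parse import urlparse

# Fields from the page's sample plus other RFC 9116 fields; Expires is mandatory there.
KNOWN_FIELDS = {"Contact", "Encryption", "Acknowledgement", "Policy", "Signature",
                "Expires", "Preferred-Languages", "Canonical", "Hiring"}
CONTACT_SCHEMES = {"mailto", "tel", "https"}
URL_FIELDS = ("Encryption", "Acknowledgement", "Policy", "Signature", "Canonical")

# Constructed sample, copied from the page's example (example.com placeholder).
SAMPLE = """Contact: mailto:security@example.com
Contact: tel:+1-201-555-0123
Encryption: https://example.com/pgp.asc
Acknowledgement: https://example.com/security/hall-of-fame
Policy: https://example.com/security-policy.html
Signature: https://example.com/.well-known/security.txt.sig
"""

def parse_security_txt(text):
    """Return (field, value) pairs; blank lines and '#' comments are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed line: {line!r}")
        pairs.append((name.strip(), value.strip()))
    return pairs

def check_security_txt(text):
    """Return a list of problems with the file; an empty list means it passes."""
    problems, fields = [], {}
    for name, value in parse_security_txt(text):
        fields.setdefault(name, []).append(value)
        if name not in KNOWN_FIELDS:
            problems.append(f"unknown field {name}")
    contacts = fields.get("Contact", [])
    if not contacts:
        problems.append("missing Contact field")
    for c in contacts:  # researchers need a usable reporting channel
        if c.split(":", 1)[0] not in CONTACT_SCHEMES:
            problems.append(f"Contact must be mailto:, tel: or https: ({c})")
    for name in URL_FIELDS:  # plain http would let an intermediary swap the key or policy
        for url in fields.get(name, []):
            if urlparse(url).scheme != "https":
                problems.append(f"{name} must be an https URL ({url})")
    if "Expires" not in fields:
        problems.append("missing Expires field (required by RFC 9116)")
    return problems
```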