> How can you secure your SPX server for safe cloud production? As more and more SPX instances are being deployed in the cloud as opposed to running on-prem, more emphasis needs to go into security.

---

> [!TIP]
> For managed support and security guidance, [contact us](https://spxgraphics.com/contact).

## Authentication

## Username and Password

Enable authentication in [[Documentation/Server/Configurations|config.json]]:

```json
{
  "general": {
    "username": "admin",
    "password": "encrypted_password_here"
  }
}
```

- Password is stored encrypted in the config file
- Login is required to access SPX when both username and password are set
- Use strong passwords in production

## API Security

When exposing [[Documentation/Control Interfaces/REST/Overview of SPX API|SPX API]] over network:

- Consider implementing API key authentication
- Use HTTPS for API communication
- Restrict network access when possible
- Monitor API usage

## Network Security

## Firewall Configuration

- Only open necessary ports (default: 5656)
- Restrict access to trusted networks
- Use VPN for remote access
- Consider using reverse proxy

## HTTPS

Use HTTPS for secure connections:

- See [[Documentation/Control Interfaces/HTTPS|HTTPS Setup]] for configuration
- Use valid SSL certificates in production
- Keep certificates updated

## File System Security

## Permissions

- Restrict write access to dataroot folder
- Protect [[Documentation/Server/Configurations|config.json]] from unauthorized access
- Secure ASSETS folder
- Regular backups

## Data Protection

- Encrypt sensitive data if needed
- Regular backups of [[Documentation/Graphics Controller/Project Settings|projects]] and [[Documentation/Graphics Controller/Rundown Settings|rundowns]]
- Secure storage of media files

## Cloud Deployment Security

## Best Practices

- Use cloud provider security features
- Implement network segmentation
- Use managed SSL certificates
- Enable logging and monitoring
- Regular security updates

## Access Control

- Limit who can access SPX
- Use strong authentication
- Implement role-based access if available
- Monitor access logs

## Security Reporting

Thanks to security researchers who have already helped make SPX more resilient:

- 2024-06 **Merbin Russel**
- 2024-07 **Mohsin Khan**

## Reporting Vulnerabilities

If you come across a possible vulnerability, please use the **Security Advisories** feature on GitHub to report these.

**Do not** report security issues in public issues. Use the Security Advisories feature instead.

## Security Checklist

- [ ] Enable authentication
- [ ] Use strong passwords
- [ ] Enable HTTPS in production
- [ ] Configure firewall properly
- [ ] Restrict network access
- [ ] Keep SPX updated
- [ ] Regular security audits
- [ ] Monitor access logs
- [ ] Secure file permissions
- [ ] Regular backups

---

## Read Next

- [[Documentation/Control Interfaces/HTTPS|HTTPS Setup]] - Configure secure connections
- [[FAQ/Cloud Deployment|Cloud Deployment]] - Secure cloud deployments
- [[FAQ/Troubleshooting|Troubleshooting]] - Security-related issues
- [[Documentation/Server/Configurations|Server Configurations]] - Server configuration options
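
An added example, not part of the SPX documentation or code base: a small Python audit for the "Enable authentication" and "Secure file permissions" checklist items. It reports when login is not enforced (username and password not both set in `config.json`), when the sample placeholder password is still in place, and when the file mode is loose. The finding names, the `write_sample` helper and the permission thresholds are assumptions made for this example.

```python
import json
import os
import stat
import tempfile

PLACEHOLDER = "encrypted_password_here"  # placeholder value from the sample config above


def audit_spx_config(path):
    """Return finding codes for an SPX config.json; an empty list means no findings."""
    findings = []
    with open(path, encoding="utf-8") as fh:
        general = json.load(fh).get("general") or {}
    username = str(general.get("username") or "").strip()
    password = str(general.get("password") or "").strip()
    # Per the documentation, login is enforced only when BOTH values are set.
    if not (username and password):
        findings.append("auth-disabled")
    elif password == PLACEHOLDER:
        findings.append("placeholder-password")
    # Assumed policy (not from the documentation): the file holds credentials,
    # so only the owner may write it and "other" may not read it.
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("config-writable-by-non-owner")
        if mode & stat.S_IROTH:
            findings.append("config-world-readable")
    return findings


def write_sample(general, mode):
    """Write a constructed config.json with the given permission bits; return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump({"general": general}, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # Constructed samples: a locked-down config and a weak one.
    good = write_sample({"username": "admin", "password": "constructed-encrypted-value"}, 0o600)
    weak = write_sample({"username": "admin", "password": ""}, 0o664)
    for label, path in (("good", good), ("weak", weak)):
        print(label, audit_spx_config(path) or "no findings")
        os.remove(path)
```

Point `audit_spx_config` at the real `config.json` of a deployment (for example from a scheduled job) and alert on any non-empty result.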