Help Center> CodeArts Repo> Service Overview> Security> Data Protection Technologies

Updated on 2023-12-04 GMT+08:00

View PDF

Data Protection Technologies

CodeArts Repo uses multiple methods to secure data.

Method	Description	Reference
Transmission encryption (HTTPS)	A code repository hosted in CodeArts Repo is flushed to disks on the cloud to prevent people other than the data owner from accessing users' plaintext data and prevent data leakage on the cloud. The code encryption process is transparent to users. Users can use any official Git client to access the code repository on CodeArts Repo.	-
Key management	SSH key and deployment key management ensures that the request is initiated by the request initiator so that users can only browse authorized data, securing data.	For details about the SSH key pair and how to obtain it, see SSH Key.
git-crypt encrypted transmission and storage	git-crypt is a third-party open-source software that can transparently encrypt and decrypt files in the Git repository.	It can encrypt and store specified files and file types. Developers can store encrypted files (such as confidential information or sensitive data) and shared code in the same repository and pull and push them like in a common repository. Only the person who has the corresponding file key can view the content of the encrypted files, but others are not restricted to read and write unencrypted files. For details about encrypted transmission and storage using git-crypt and how to obtain git-crypt, see About git-crypt.
Sensitive data anonymization and high-value data encryption	CodeArts Repo uses unified and accurate data to support applications and services for data security and privacy.	Logs and databases contain sensitive data, including but not limited to keys and account information. To prevent security issues caused by sensitive data leakage, the data is anonymized or encrypted. The principle is a hash function, which generates a digest for a piece of information to prevent tampering.
Anti-DDoS tool	Advanced Anti-DDoS (AAD) is a tool for defending against DDoS attacks. AAD can protect your servers against large volumetric DDoS attacks so your Internet services can keep being available.	AAD supports two traffic diversion modes: DNS resolution and IP address directing to protect website domain names and service ports. Based on the forwarding rules you configure for your services in AAD, AAD directs the DNS domain name resolution or service IP address to the AAD instance IP address or CNAME address for traffic diversion. Access traffic from the public network preferentially passes through an AAD equipment room. Malicious attack traffic is cleaned and filtered in the AAD traffic cleaning center. Normal access traffic is returned to the origin server through port protocol forwarding, ensuring stable access to the origin server.
Traffic limiting	Traffic limiting can be used to limit the number of HTTP requests sent by a user within a specified period of time. Traffic limiting is used to protect upstream application servers from being overwhelmed by too many concurrent user requests.	CodeArts Repo mainly uses Nginx and APIGW flow controls. Nginx uses the leaky bucket algorithm to limit traffic. This algorithm is widely used in communication and packet switched computer networks to handle bursts when bandwidth is limited. APIGW flow control limits the number of times an API is called within a specified period to protect backend services and provide continuous and stable services.
Backup & DR	Backup and DR not only prevent data loss, but also ensure that services on the server are taken over after the server breaks down to ensure service continuity. This feature ensures that users can continuously use application services, service requests of users can run continuously, and services provided by the information system are complete, reliable, and consistent.	-
Hash-based shard storage	Hash-based sharded storage improves confidentiality and privacy. Data sets are divided into independent and orthogonal data subsets based on certain rules. Then, the data is randomly distributed to multiple nodes. No node can access the complete data. They contain only a part of the data.	-
Watermark	To prevent unauthorized photos, screenshots, or other means from spreading core assets, you can enable watermark settings.	For details about how to set watermarks, see Watermarks.
Backup	The repository backup operation secures code and prevents others from deleting code by mistake. There are two backup modes: Back up the repository to another region of Huawei Cloud. Back up the repository to your local computer.	For details about how to back up the repository, see Repository Backup.

Parent topic: Security

Previous topic: Authentication and Access Control

Next topic: Auditing and Logging

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel