Security Model

How SmallBlock handles authentication, authorization, and content safety.

Key Ideas

  • Role-based permissions for editors, authors, and admins.

  • CSRF protection on form submissions.

  • Strict content sanitization for user-supplied HTML.

  • HTTPS by default in production.
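
The first two ideas above, role-based permissions and CSRF protection, combine in a single request handler. The following is an added example written for this page, not SmallBlock's own code: the role and action names, the session and form dictionaries, and the handler are all assumptions made for illustration. The CSRF token is a random nonce plus an HMAC that binds it to the session, verified with a constant-time comparison, and the permission check denies by default for unknown roles.

```python
import hashlib
import hmac
import secrets

# Constructed role -> permission table. SmallBlock's real roles and actions are not
# listed on this page, so these names are assumptions for the example.
PERMISSIONS = {
    "author": frozenset({"post:create", "post:edit_own"}),
    "editor": frozenset({"post:create", "post:edit_own", "post:edit_any", "post:publish"}),
    "admin":  frozenset({"post:create", "post:edit_own", "post:edit_any", "post:publish",
                         "user:manage"}),
}


def can(role, action, actor_id=None, owner_id=None):
    """Deny by default: an unknown role has no permissions at all."""
    perms = PERMISSIONS.get(role, frozenset())
    if action == "post:edit":
        # Editing is ownership-aware: edit_any covers every post, edit_own only the actor's own.
        return "post:edit_any" in perms or (
            "post:edit_own" in perms and actor_id is not None and actor_id == owner_id
        )
    return action in perms


# Generated per process here; a real deployment loads a persistent secret from configuration.
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id, secret=SECRET_KEY):
    """Token = random nonce + HMAC over (session id, nonce), so it is bound to one session."""
    nonce = secrets.token_urlsafe(16)
    mac = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token, secret=SECRET_KEY):
    """Recompute the MAC for this session and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, _, mac = token.partition(".")
    expected = hmac.new(secret, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def handle_edit(session, form, post):
    """Reject forged requests first, then authorize; returns (status, reason)."""
    if not verify_csrf_token(session["id"], form.get("csrf_token")):
        return 403, "invalid csrf token"
    if not can(session["role"], "post:edit", session["user_id"], post["owner_id"]):
        return 403, "forbidden"
    return 200, "ok"


if __name__ == "__main__":
    token = issue_csrf_token("session-1")
    session = {"id": "session-1", "user_id": 7, "role": "author"}
    print(handle_edit(session, {"csrf_token": token}, {"owner_id": 7}))   # (200, 'ok')
    print(handle_edit(session, {"csrf_token": token}, {"owner_id": 8}))   # (403, 'forbidden')
    print(handle_edit(session, {}, {"owner_id": 7}))                      # (403, 'invalid csrf token')
```

The CSRF check runs before the authorization check so that a forged request never reaches any state-changing or permission-sensitive code; a token issued for one session fails verification for every other session because the session id is part of the MAC input.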

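"Strict content sanitization" means an allowlist, not a blocklist: every tag and attribute not explicitly permitted is dropped, text is re-escaped on output, and link targets are restricted to safe schemes. The sanitizer below is an added example built on Python's standard-library HTMLParser; it is not SmallBlock's code, and the particular tag and attribute sets are assumptions chosen for illustration. It removes script and style elements together with their content, strips event-handler attributes, rejects javascript: links even when control characters are used to disguise the scheme, and closes any tags left open so the output stays well-formed.

```python
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Allowlist: everything not named here is dropped. These sets are assumptions for the
# example; the page does not list which tags SmallBlock permits.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "code", "pre", "ul", "ol", "li", "a"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
SAFE_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}
DROP_WITH_CONTENT = {"script", "style"}   # the tag and its text are both removed


def safe_href(value):
    """Allow relative URLs and http/https/mailto only. Browsers ignore ASCII control
    characters inside a URL, so strip them before reading the scheme: a tab inside
    "javascript:" would otherwise hide the scheme from urlsplit but not from the browser."""
    cleaned = re.sub(r"[\x00-\x20]", "", value)
    try:
        scheme = urlsplit(cleaned).scheme.lower()
    except ValueError:          # malformed URL (e.g. bad IPv6 literal): reject
        return False
    return scheme == "" or scheme in SAFE_SCHEMES


class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []
        self.skip_depth = 0      # > 0 while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return               # disallowed tag dropped; its text content is still emitted
        parts = [tag]
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue         # drops on* handlers, style, and any other attribute
            if name == "href" and not safe_href(value):
                continue
            parts.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open_tags:
            return
        # Close everything opened after this tag as well, so nesting stays well-formed.
        while self.open_tags:
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))   # text is re-escaped as text

    def result(self):
        while self.open_tags:                            # close anything left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(html):
    parser = Sanitizer()
    parser.feed(html)
    parser.close()
    return parser.result()
```

Comments, processing instructions and doctype declarations never reach the output because the parser's default handlers for them do nothing; a disallowed wrapper such as a div disappears while its text survives, which is usually the behaviour wanted for user-supplied content.
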
Recommendations

  • Use strong secrets and rotate credentials.

  • Restrict admin access by IP or behind SSO where possible.