Security
Last updated: June 5, 2026
Security Measures
SwiftLink implements multiple layers of security to protect your data:
Authentication
- Secure password hashing using modern algorithms
- Two-Factor Authentication (2FA) via Telegram
- Telegram Login integration for secure authentication
- CSRF protection on all forms
Session Security
- HTTP-only cookies, so scripts injected through XSS cannot read session cookies
- Secure cookie flags when using HTTPS
- Strict session management
- Automatic session expiration
Data Protection
- Rate limiting on all endpoints to prevent abuse
- Input validation and sanitization
- File upload restrictions (images only, size limits)
- Secure file storage with proper permissions
Network Security
- HTTPS encryption for all data transmission
- HTTP Strict Transport Security (HSTS)
- X-Frame-Options to prevent clickjacking
- Content Security Policy (CSP)
- X-XSS-Protection enabled
Bot Token Security
Telegram bot tokens and sensitive configuration are stored in a separate .envtelegram file outside the web root, which keeps the file from being served to web clients.
Reporting Security Issues
If you discover a security vulnerability, please report it responsibly:
- Email: security@swifttool.org
- Or use our support page
We will respond within 48 hours and work with you to address the issue.
Best Practices for Users
- Use a strong, unique password
- Enable 2FA for your account
- Don't share your credentials
- Keep your software and browser updated
- Be cautious of phishing attempts