Hasura Cloud is architected to help companies follow the three tenets of Information Security: confidentiality, integrity, and availability.
Hasura Cloud undergoes three layers of security scrutiny. As part of our certification process, we undergo routine testing from external agencies to ensure industry standards are maintained. As an open-source software, our internals are exposed for regular scrutiny from our community to ensure components stay current.
To incentivize the community for an extra layer of scrutiny, we also offer a path for responsible disclosure.
Security requires robust authentication and authorization
Hasura Cloud provides enterprise grade authorization that can integrate with your authentication provider of choice.
Hasura Cloud provides stateless authorization with JWT controls either through authorization headers, cookies, or webhooks. Being built on Postgres, session based control can always be configured but there are a number of good reasons to prefer stateless authentication.