Security
Reliable sessions, installer protection, and API guards.
JamilX ships with session management, installer locks, and API access controls that help protect production environments.
Sessions
Sessions start early in the request lifecycle via session.php, ensuring authenticated flows are always available.
session_start();
Installer Lock
After setup, data/installed.lock prevents the installer from running in production.
API Security
API requests validate keys, enforce CORS allowlists, and apply rate limits via the API service.
Operational Tips
- Keep logs/errors.log writable to capture runtime issues.
- Use php jamilx logs:tail for live monitoring during deployments.
- Store sensitive credentials in .env and keep it out of version control.
Security Checklist
- Confirm .env exists and contains MODE, DB credentials, and API_KEYS.
- Verify data/installed.lock exists after installation to prevent re-running the installer.
- Ensure logs/ and data/ remain writable for error logs and API rate-limit buckets.
- Restrict API usage by configuring API_CORS_ALLOWLIST and rotating API keys regularly.
- Use MODE=maintainance to render the maintenance screen during upgrades.
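
The checklist above can be run as a pre-deployment script. This is an added example, not part of JamilX: jamilx_audit is a hypothetical helper name, and the DB credential check is left out because this page does not name those keys.

```shell
#!/bin/sh
# Added example: audit a deployment directory against the security checklist.
# jamilx_audit is a hypothetical helper, not a JamilX command.
# Prints one line per finding and returns the number of failed checks.
jamilx_audit() {
    root=$1
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # .env must exist and define the keys the checklist names.
    # DB credential key names are not given on the page, so they are not checked.
    if [ -f "$root/.env" ]; then
        for key in MODE API_KEYS API_CORS_ALLOWLIST; do
            # A key counts as set only if something follows the '='.
            grep -Eq "^[[:space:]]*$key=[^[:space:]]" "$root/.env" ||
                fail ".env: $key missing or empty"
        done
    else
        fail ".env not found"
    fi

    # The lock file is what stops the installer from running again.
    [ -f "$root/data/installed.lock" ] ||
        fail "data/installed.lock missing: installer can be re-run"

    # logs/ holds error logs, data/ holds API rate-limit buckets.
    for dir in logs data; do
        [ -d "$root/$dir" ] && [ -w "$root/$dir" ] ||
            fail "$dir/ missing or not writable"
    done

    # .env must stay out of version control (checked only inside a git work tree).
    if command -v git >/dev/null 2>&1 &&
       git -C "$root" ls-files --error-unmatch .env >/dev/null 2>&1; then
        fail ".env is tracked by git"
    fi

    [ "$fails" -eq 0 ] && echo "OK: all checks passed"
    return "$fails"
}

# Run against a path when one is given on the command line.
[ "$#" -eq 0 ] || jamilx_audit "$1"
```

Because the exit status is the number of failed checks, a deployment pipeline can stop on any non-zero result.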