Think Space Security Center
Our commitment to data protection, application architecture security, and defensive web practices.
Our Security Architecture
Think Space uses industry-standard security controls and defensive development practices to protect user profiles, blog drafts, and comment boards.
1. Cryptographic Password Hashing
We do not store your passwords in plaintext. Every password is run through a salted cryptographic hash function (Werkzeug's key derivation routines) before it is written to the database. Even if the database is leaked, the stored hashes do not reveal the original passwords.
2. SQL Injection Prevention
All database access goes through parameterized Object Relational Mapping (ORM) queries; we never build SQL by concatenating user input into query strings. Because user-supplied values are handed to the database separately from the SQL text, they cannot change the structure of a query, which neutralizes SQL injection through input parameters.
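The difference between the two approaches, shown as an added example with the standard-library sqlite3 driver (this is not Think Space's code; the table, the two sample accounts and the function names are constructed for illustration). An ORM such as SQLAlchemy ultimately sends the same kind of bound-parameter statement to the driver, so the mechanism is the same one the ORM relies on.

```python
import sqlite3

# Added example (not Think Space's code): string concatenation versus parameter
# binding, using sqlite3 from the standard library. The schema and rows below
# are constructed sample data.


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with two constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "author"), ("bob", "admin")],
    )
    conn.commit()
    return conn


def find_user_concatenated(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable form: the input is spliced into the SQL text, so it can
    change the statement's structure instead of just its compared value."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: the driver receives the SQL and the value separately,
    so the value is only ever compared against the column."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"                      # constructed input that is not a username
    print(find_user_concatenated(db, "alice"))   # ['alice']
    print(find_user_concatenated(db, crafted))   # ['alice', 'bob']: the WHERE filter is bypassed
    print(find_user_parameterized(db, crafted))  # []: the value is matched as a literal string
```

The parameterized call returns nothing for the crafted input because the database compares the whole string, quotes included, against the column; no part of it is ever interpreted as SQL.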
3. Cross-Site Scripting (XSS) Sanitization
To let creators post rich-text articles safely, we apply custom server-side input filtering. Before a draft is saved to the database, we parse it and strip unsafe HTML, including <script> blocks, inline event-handler attributes (e.g., onerror, onclick), <iframe> frames, and references to suspicious external style sheets.
4. Cryptographically Signed Sessions
Client authentication state is tracked in cryptographically signed sessions keyed to a high-entropy server-side secret, so session variables cannot be tampered with or modified on the client. Session cookies are marked secure and expire automatically to limit the window for session hijacking.
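The signing scheme the section describes, as an added illustration rather than Think Space's or Flask's own code: the session payload is serialized together with an expiry timestamp and an HMAC-SHA256 tag computed under a server-side secret. A client can read its own session but any change to the payload or the expiry invalidates the tag. The token layout and function names are assumptions; Flask's cookie sessions (via itsdangerous) use the same idea with their own encoding.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Added example (not Think Space's or Flask's code): a minimal signed, expiring
# session token. The server keeps SECRET; the client only ever holds the token.

# High-entropy key. Generated per process here for the demo; a deployment loads
# it from configuration so tokens stay valid across restarts.
SECRET = secrets.token_bytes(32)


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(secret: bytes, message: bytes) -> bytes:
    return hmac.new(secret, message, hashlib.sha256).digest()


def sign_session(data: dict, secret: bytes = SECRET, max_age: int = 3600,
                 now: Optional[int] = None) -> str:
    """Serialize data with an expiry timestamp and append an HMAC-SHA256 tag.
    Token layout: <payload>.<expires>.<tag>, all URL-safe."""
    expires = int(time.time() if now is None else now) + max_age
    payload = _b64(json.dumps(data, sort_keys=True, separators=(",", ":")).encode("utf-8"))
    message = f"{payload}.{expires}".encode("ascii")   # the tag covers payload AND expiry
    return f"{payload}.{expires}.{_b64(_mac(secret, message))}"


def load_session(token: str, secret: bytes = SECRET,
                 now: Optional[int] = None) -> Optional[dict]:
    """Return the session data if the tag verifies and the token is unexpired,
    otherwise None. The tag comparison is constant-time."""
    try:
        payload, expires_text, tag = token.split(".")
        expires = int(expires_text)
        expected = _mac(secret, f"{payload}.{expires_text}".encode("ascii"))
        if not hmac.compare_digest(_unb64(tag), expected):
            return None                                  # tampered or wrong key
        if int(time.time() if now is None else now) >= expires:
            return None                                  # expired
        return json.loads(_unb64(payload))
    except (ValueError, UnicodeError):                  # malformed token
        return None


if __name__ == "__main__":
    token = sign_session({"user": "alice", "role": "author"})   # constructed sample
    print(token)
    print(load_session(token))                                   # {'role': 'author', 'user': 'alice'}
    forged = token.replace("author", "admin")                    # any edit breaks the tag
    print(load_session(forged))                                  # None
```

The expiry is included in the signed message on purpose: if only the payload were signed, a client could extend its own session by editing the timestamp.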
5. Secure Data Transmission (HTTPS)
All traffic between your browser and the Think Space servers is encrypted using Transport Layer Security (TLS/SSL). This prevents network eavesdroppers from viewing cookies, session states, passwords, or draft content during transfer.
6. LocalStorage Data Isolation
Our client-side storage (like localStorage) is strictly used for layout utilities (focus states, custom scroll positions, table configurations). We never store authorization tokens, credentials, or session cookies inside local storage, keeping them safe from cross-site scripting exposure.
Responsible Vulnerability Disclosure
We welcome security researchers and developers to help us keep Think Space secure. If you discover a vulnerability or security flaw, please contact us responsibly. Do not publish finding details publicly until we have had reasonable time to address and patch the issue.
Security contact: security@thinkspace.com