Security & External Services
Security Measures
| Measure | Description |
|---|---|
| Telegram OAuth | Admin login via Telegram bot with HMAC-SHA256 hash verification |
| reCAPTCHA v3 | Contact form protection against bots |
| SQL Injection Protection | PDO Prepared Statements |
| XSS Protection | htmlspecialchars() for form inputs |
| HSTS | Strict Transport Security header |
| Referrer Policy | no-referrer / same-origin |
| External Links | rel="noopener" on all external links |
| Sensitive Files | Configuration files excluded in .gitignore |
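
The HMAC-SHA256 check named in the Telegram OAuth row, as an added example that is not the project's own code. It assumes the login uses the Telegram Login Widget's documented scheme (HMAC key = SHA-256 of the bot token, message = sorted `key=value` lines); the token, function names and payload are constructed placeholders.

```php
<?php
declare(strict_types=1);

// Added example. BOT_TOKEN and all payload values below are constructed placeholders.
const BOT_TOKEN = '123456:PLACEHOLDER-TOKEN';

/** Build the data-check-string: every field except "hash", sorted by key, "key=value" joined by \n. */
function telegram_data_check_string(array $fields): string
{
    unset($fields['hash']);
    ksort($fields, SORT_STRING);
    $pairs = [];
    foreach ($fields as $key => $value) {
        $pairs[] = $key . '=' . $value;
    }
    return implode("\n", $pairs);
}

/** Return true only if the payload was signed with this bot's token and is still fresh. */
function verify_telegram_login(array $fields, string $botToken, int $now, int $maxAge = 3600): bool
{
    foreach ($fields as $value) {
        if (!is_string($value)) {
            return false; // rejects nested arrays such as ?id[]=1
        }
    }
    if (!isset($fields['hash'], $fields['auth_date']) || !ctype_digit($fields['auth_date'])) {
        return false;
    }
    $secretKey = hash('sha256', $botToken, true); // raw SHA-256 of the token is the HMAC key
    $expected  = hash_hmac('sha256', telegram_data_check_string($fields), $secretKey);
    if (!hash_equals($expected, strtolower($fields['hash']))) { // constant-time comparison
        return false;
    }
    $age = $now - (int) $fields['auth_date'];
    return $age >= -60 && $age <= $maxAge; // small clock-skew allowance, old logins are rejected
}

// Constructed payload, signed here only so the demo runs offline.
$now     = 1700000000;
$payload = ['id' => '4242', 'first_name' => 'Admin', 'username' => 'example_admin', 'auth_date' => (string) ($now - 30)];
$payload['hash'] = hash_hmac('sha256', telegram_data_check_string($payload), hash('sha256', BOT_TOKEN, true));

$tampered = ['id' => '1'] + $payload; // user id changed after signing, original hash kept

var_dump(verify_telegram_login($payload, BOT_TOKEN, $now));          // genuine and fresh
var_dump(verify_telegram_login($tampered, BOT_TOKEN, $now));         // signature no longer matches
var_dump(verify_telegram_login($payload, BOT_TOKEN, $now + 172800)); // valid signature, two days old
```

A valid hash only proves that Telegram issued the data for this bot, so the admin area still has to compare the verified `id` against its own list of admin accounts.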
External Services
| Service | Purpose |
|---|---|
| Telegram Bot (@Fa2P_WebBOT) | Admin authentication + event notifications |
| Google reCAPTCHA v3 | Contact form spam protection |
| Cookiebot | Cookie consent management (GDPR) |
| Pretix | Event registration (URL integration) |
| eTracker | Website analytics |
| Google Analytics | Additional tracking |
Deployment
- Hosting: Apache on shared hosting (cPanel)
- SSL/TLS: HSTS enforced
- No Docker: Direct file uploads to the live server
- URL rewrites: .htaccess removes the www subdomain and enforces HTTPS