Xano recognizes the significance of information security. We've applied the most fitting security measures, procedures, controls, and practices intended to ensure that your data is safe.
Security is essential to us and the integrity of your application or business depends on it. This is why we've taken specific measures and installed security best practices so that you can build on Xano confidently.
All data stored within Xano is encrypted at rest. Data is considered at rest when it resides on a storage device and is not being actively transferred through networks. Encryption in this state performs a secure encoding on the data to protect the data. Since the data is encrypted on the physical storage device an attacker must first steal the hard drive and then decrypt the encryption making it particularly difficult to hack. This type of data storage is highly recommended by industry and government regulations.
Transmission of data is done securely over SSL. SSL stands for Secure Socket Layer and is an industry-standard for securing and encrypting data transmission. Not only is SSL near impossible to decrypt, it also provides a digital signature verifying that the data has not been tampered with providing data integrity. Additionally, SSL requires a level of authentication to ensure the communicating servers are in fact the correct ones.
The owner of the instance has control over team settings and governs access to the instance, including team member roles.
Passwords are digitally signed with sha256 and unique salts so even if more than one person had the same password, it would not be possible to identify who those individuals would be.
Sha256 is one-way encryption meaning it cannot be decrypted back to the original text. Sha256 is one of the strongest hash functions available and was designed by the NSA.
Salting refers to adding random data to the input of a hash function, such as sha256, as a safeguard to ensure uniqueness against passwords that might be the same or common.
Authentication is handled by JWE tokens, which is an industry standard.
Authentication is how a user logs in or signs up to an application. Xano provides secure out-of-the-box authentication via JWE (JSON Web Encryption) tokens. JWE tokens are self-contained and provide data integrity, authenticity, non-repudiation and confidentiality.
OAuth, which stands for “Open Authorization,” allows third-party services to exchange your information without you having to give away your password.
OAuth providers such as Facebook, Google, LinkedIn, and GitHub login are available in the Xano marketplace to easily enable.
On Xano's dedicated resource plans, the user's Instance is on a single-tenant deployment or architecture. This means that the user is the only tenant on the server (Instance) architecture and that all the server resources and CPU are dedicated to the tenant. Single-tenancy has a variety of benefits including:
Data Separation - Data is kept separate from other users since the Instance is isolated. This allows for independence of data and greater customization of software and hardware.
Data Security - If one user has a breach of data, then another user is safe from the breach since their data is stored on a completely separate Instance.
Reliability & Performance - Since the Instance is only dependent and serves a single tenant, performance and reliability are significantly increased. The alternative would be the Instance serving many different users.
Recovery - With a single-tenancy backups are also isolated, making it easier and more reliable to restore from backups in the event of a disaster.
Xano requires password minimums for logging in to a Xano account. A password must be a minimum of eight (8) characters, maximum of 256 characters, at least one (1) alphabetic character, and at least one (1) numeric character. These password requirements are only for login by email and password.
Password requirements for Single Sign-On (SSO) are managed by the SSO provider.
Two-factor authentication (2FA) security, or two-step authentication, can be enabled for logging in to a Xano account. 2FA security requires the use of two different forms of identification to access and authenticate an account. It is an extra layer of security beyond email and password credentials that secures an account by requiring an authentication step from something that belongs to the user.
Additionally, Xano holds certifications reflecting our commitment and adherence to information security in an official arena.