At Kindly, we take security seriously to ensure that no data ever gets in the hands of unauthorized users. This is achieved by putting security first and building and deploying the platform using applications where security is a top priority.
We build Kindly using the Django web framework. Django is a Python web framework for large-scale web applications, used by companies such as Mozilla, Pinterest, Instagram and NASA. Django comes with a range of security features already built-in, described below.
XSS attacks allow a user to inject client side scripts into the browsers of other users. Django templates protect us against the majority of these XSS attacks.
CSRF attacks allow a malicious user to execute actions using the credentials of another user without that user’s knowledge or consent. Django has built-in protection against most types of CSRF attacks by including a secret in POST requests, which we have enabled in our backend system.
SQL injection is a type of attack where a malicious user is able to execute arbitrary SQL code on a database. By using Django’s querysets, the resulting SQL will be properly escaped by the underlying database driver.
Clickjacking is a type of attack where a malicious site wraps another site in a frame. Django contains clickjacking protection which in a supporting browser can prevent a site from being rendered inside a frame.
We deploy our site behind HTTPS with TLS to ensure that there is no unauthorizated access to information transferred between the client and the server, including cookies.
All passwords are encrypted in Django using the PBKDF2 algorithm with a SHA256 hash, requiring massive amounts of computing time to break.
We use Pusher to handle the communication between the bot and the end-user, utilizing the publish-subscribe pattern. Pusher is an infrastructure-as-a-service company for integrating realtime messaging and is used by companies such as GitHub, The New York Times and MailChimp.
The communication in the chat window between the end-user and our backend is securely transmitted in a private Pusher channel. The Pusher client is set up with our unique application key and each chat session is given a private channel for communication. All incoming messages are authenticated to ensure that only authorized users has access to the channel and can send messages to and receive replies from the bot.
The security and encryption methods of the chat bubble is explained in the diagram below:
User connects to bot by activating chat bubble.
Server creates encrypted token using AES 256 + secret and returns token to user.
User tries subscribing to chat channel using returned token as part of channel id.
Pusher initiates auth request to bot server appending token as a header parameter.
Server deciphers and validates token and returns signed authentication token.
Channel subscription succeeded. Websocket connection is live at this point.
User requests greeting message.
Bot sends greeting message to Pusher.
Pusher sends greeting to user through websocket connection.
Bot sends reply message to Pusher.
Pusher sends reply message to user using websocket connection.
Again, explained using a sequence diagram:
default-src 'self' https://*.kindly.ai https://*.kindlycdn.com https://*.pusher.com wss://ws-eu.pusher.com wss://ws-eu.pusher.com:443 wss://sage.kindly.ai;img-src 'self' https://*.kindlycdn.com data:;script-src 'self' 'unsafe-inline' https://chat.kindlycdn.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;object-src 'none';font-src 'self' https://fonts.gstatic.com data:;