28 Repos
Settings and mechanisms used to define permitted users, authentication requirements, and allowed communication channels for a hosted server.
Distinct from Client-to-Server Authentication: The candidates are either lists of snippets (mt1), client-side authentication (mt2), or application-level entrypoints (mt3), whereas this is about server-side access policy configuration for an SSH server.
Explore 28 awesome GitHub repositories matching security & cryptography · Server Access Controls. Refine with filters or upvote what's useful.
kohya_ss is a graphical user interface and workbench for fine-tuning diffusion models, specifically designed for Stable Diffusion. It provides a suite of tools for training generative AI models, including specialized interfaces for creating Low-Rank Adaptation weights and training ControlNet spatial control networks. The project distinguishes itself through integrated VRAM usage optimization and hardware acceleration, featuring specific support for Intel GPUs via XPU-accelerated libraries. It implements parameter-efficient training methods and memory-saving techniques like gradient checkpoint
Implements server-side access controls for managing network interfaces, ports, and authentication for the web interface.
Misskey is a self-hosted, decentralized microblogging platform and federated social media server. It functions as a distributed content management system that allows users to communicate across multiple independent and interconnected server instances using the ActivityPub protocol. The platform distinguishes itself with a dynamic application engine that allows for the creation of interactive applications and custom page layouts using a scripting language. It also features a specialized markup language for rich text rendering, enabling the use of animations and custom styles for consistent con
Provides server-side access policies and whitelists to manage communication with external federated instances.
Visdom is a tool for scientific experiment tracking and real-time data monitoring. It provides a programmatic interface for broadcasting live plots, rich media, and training metrics from scripts to an interactive web dashboard. The project specializes in high-dimensional data analysis, offering capabilities to project complex feature sets into 2D space using t-SNE and visualize PyTorch model embeddings. It organizes visualizations into named environments, allowing users to isolate different experimental runs and compare plots across these environments in a single view. The system covers a br
Implements server-side access policies including authentication requirements and restrictions to localhost.
Boto3 is the AWS SDK for Python, providing a programmatic interface for managing and automating AWS cloud infrastructure and services. It serves as a cloud management API client and resource manager for provisioning, configuring, and scaling virtual servers, databases, and storage. The library enables the implementation of infrastructure-as-code through declarative templates and scripts, allowing for the deployment of identical resource stacks across multiple accounts and geographic regions. It also provides a framework for coordinating distributed workflows, serverless functions, and contain
Controls instance entry and server access using cryptographic key pairs and virtual firewalls.
Paramiko is a pure-Python implementation of the SSH2 protocol, providing a library for making secure network connections and executing remote commands. It serves as a programmatic interface for establishing encrypted communication tunnels and managing remote sessions. The project includes a full SSH server framework, allowing applications to host a secure shell server and define server-side access configurations directly within Python. It also provides a dedicated SFTP client library for secure file transfers and remote filesystem management. The library covers remote infrastructure automati
Defines permitted users, authentication methods, and channel types for connections to a hosted secure shell server.
Tile38 is an in-memory geospatial database that uses the Redis protocol for communication and query execution. It serves as a distributed spatial store for points and polygons, featuring high availability through leader-follower replication and disk-based persistence. The system includes a real-time geofencing engine that monitors virtual geographic boundaries and triggers webhooks when objects enter or exit specified areas. It further distinguishes itself with an embedded Lua scripting engine for server-side data transformations and a built-in vector tile server for efficient map visualizati
Secures server interactions using role-based access control and TLS encryption for protected network communication.
This project is an AI-powered IDE extension and LLM coding assistant that provides a conversational interface for generating, refactoring, and debugging code. It functions as an AI agent framework and a Model Context Protocol client, connecting AI models to external data sources and tools to automate complex development tasks. The system is distinguished by its use of autonomous AI agents capable of multi-step task execution, including the ability to read files, modify code, and run terminal commands iteratively. It supports recursive agent orchestration through subagent delegation and employ
Limits the ability of servers to interact with the file system and network via explicit configuration rules.
The inspector is a diagnostic and validation tool for the Model Context Protocol. It provides an interactive interface and a transport proxy to discover, inspect, and execute the tools, prompts, and resources provided by an MCP server. The project serves as a debugger and compliance tester to verify that server implementations adhere to the protocol specification and JSON-RPC standards. It allows for real-time monitoring of message exchanges and logs between clients and servers across various transport layers, such as standard input/output and Server-Sent Events. The tool covers a broad rang
Implements bearer token authentication for proxy connections and remote SSE server access.
TiddlyWiki5 is a modular wiki engine and non-linear knowledge base that organizes information into small, linked chunks. It can function as a single-file personal wiki where all content and application logic are stored within one HTML file for local-first use, or as a self-hosted wiki server that serves content over HTTP. The project is distinguished by a data-driven architecture where plugins and extensions are treated as stored data entries. It features a filter-based query engine for manipulating structured data and a transclusion system that allows the live content of one entry to be embe
Controls server visibility and editing permissions using authentication, trusted headers, and read-only modes.
JupyterHub is a multi-user platform for hosting and managing isolated Jupyter notebook server instances on a single system or cluster. It serves as a notebook server orchestrator that spawns and monitors individual computing environments on demand. The system uses a plugin-based spawner interface to launch these environments across diverse infrastructure, including local processes, containers, or cloud clusters. It integrates with external identity providers and supports pluggable authentication to verify user identities and secure access. The framework includes centralized administration to
Restricts access to server instances based on user roles, read-only permissions, or mandatory login requirements.
Veloren is an open-source multiplayer RPG featuring a voxel-based action adventure in a procedurally generated fantasy world. It is built upon a voxel game engine that supports 3D rendering via Vulkan and Metal, utilizing a procedural world generator to create geography and ecosystems based on erosion algorithms and temperature maps. The project is distinguished by a sandboxed plugin system using WebAssembly, which allows for the addition of new game logic and equipment without recompiling the core engine. It also features a dedicated game server architecture designed to synchronize state, ma
Limits server entry to a predefined list of approved unique player identifiers.
ClearML is a comprehensive MLOps platform designed to manage the end-to-end machine learning lifecycle, from initial experimentation to production deployment. It provides a suite of integrated tools including a pipeline orchestrator for automating workflows, an experiment tracking tool for logging hyperparameters and metrics, and a metadata-driven data versioning system for managing large-scale datasets and model artifacts. The platform is distinguished by its advanced compute management and serving capabilities. It features a GPU compute manager that supports fractional resource slicing and
Configures authentication and load balancing to secure traffic reaching the management server.
Inngest is a durable execution framework and event-driven automation engine designed to orchestrate background workflows. It enables developers to build resilient, stateful processes by memoizing function steps, ensuring that long-running tasks can automatically resume from the last successful operation after failures, timeouts, or infrastructure restarts. The platform distinguishes itself through its event-driven architecture, which uses a schema-validated bus to trigger functions and coordinate complex, multi-step logic. It employs an onion-model middleware approach for cross-cutting concer
Verifies the origin of requests between the platform and servers using shared secrets to prevent unauthorized access.
Maven ist ein Java-Build-Automatisierungstool und Software-Build-Orchestrator. Es fungiert als Projekt-Lifecycle-Manager und Dependency-Management-System, das ein standardisiertes Project Object Model verwendet, um Java-Projekte zu kompilieren, zu testen und zu paketieren. Das Projekt zeichnet sich durch einen phasenbasierten Build-Lifecycle und ein Plugin-basiertes Erweiterungsmodell aus, das es Benutzern ermöglicht, benutzerdefinierte Ziele an spezifische Build-Stufen zu binden. Es koordiniert komplexe Software durch Multi-Modul-Projekt-Orchestrierung und stellt einen reproduzierbaren Build-Workflow sicher, indem Umgebungsvariablen neutralisiert und Toolchain-Versionen kontrolliert werden. Die Funktionen decken ein umfassendes Dependency-Management ab, einschließlich transitiver Dependency-Auflösung und Artefakt-Publishing in Remote-Repositories. Das System bietet zudem Projektgenerierung durch Templates und detaillierte Dokumentationserstellung für API-Referenzen und Projektseiten. Das Tool enthält ein Command-Line-Interface mit Eingabevervollständigung und unterstützt die Offline-Build-Ausführung mittels eines lokalen Artefakt-Caches.
Stores usernames and passwords in a local file to authenticate deployments and downloads.
Wish is a Go library for building SSH servers, providing a middleware-based framework that handles core SSH functionality including public-key and certificate authentication, session management, and secure file transfers via SCP and SFTP. It is designed to serve as the foundation for custom SSH applications, with built-in support for hosting Git repositories over SSH and serving interactive terminal applications. What distinguishes Wish from a basic SSH server library is its composable middleware pattern, which allows developers to layer authentication, logging, and custom session handling. I
The SSH server library blocks connections without an active terminal or allows only specified commands.
OpenFGA is a fine-grained authorization server and policy decision point that implements relationship-based access control. It serves as a centralized authorization service for evaluating access requests and managing relationship tuples across distributed microservices and multi-tenant environments. The engine combines relationship graphs with attribute-based access control, using the Common Expression Language to evaluate dynamic runtime attributes and conditional access rules. It handles complex hierarchies and nested permissions by traversing chains of associations and parent-child links t
Controls which clients can interact with the authorization server by evaluating requests against an internal store.
Dies ist ein Software Development Kit (SDK) und Framework zur Implementierung des Model Context Protocol in Go. Es bietet ein standardisiertes System zum Aufbau von Servern und Clients, die externe Ressourcen, proprietäre Daten und ausführbare Tools austauschen, um Large Language Models (LLMs) Kontext bereitzustellen. Das SDK enthält eine JSON-RPC-Kommunikationsbibliothek und ein Integrations-Framework, um lokale Daten, Prompt-Templates und typisierte Funktionen für KI-Modelle bereitzustellen. Es ermöglicht die Entwicklung von Protokoll-Servern, die externen Kontext liefern, sowie von Clients, die diese Remote-Tools und Ressourcen nutzen. Das Projekt deckt das Connection-Lifecycle-Management und die Protokoll-Versionsaushandlung ab, um Interoperabilität zu gewährleisten. Es bietet Transport-Abstraktionen für den Nachrichtenaustausch via Standard-Input/Output oder HTTP sowie Funktionen für Resource-Mapping und Session-Management. Sicherheits- und Observability-Features umfassen OAuth-Identitätsintegration, Verzeichniszugriffsbeschränkungen für Server sowie Tools zur Traffic-Inspektion und Capability-Verifizierung.
Implements capabilities to restrict the directories a protocol server can access to maintain a secure operational scope.
PeerJS Server ist ein WebRTC-Signalisierungsserver und Verbindungsbroker, der Handshakes zwischen Clients koordiniert, um direkte Peer-to-Peer-Verbindungen herzustellen. Er fungiert als Koordinationspunkt für das Entdecken von Peer-Identifikatoren und das Initiieren von Echtzeit-Medien- und Daten-Streams zwischen entfernten Browser-Clients. Das Projekt kann als dedizierter Signalisierungsserver bereitgestellt oder als Node.js-Middleware in eine bestehende Webanwendung integriert werden, um einen einzigen Netzwerkport gemeinsam zu nutzen. Er verwaltet den Lebenszyklus von Peer-Verbindungen durch einen zentralisierten Signalisierungsprozess, weist Clients eindeutige Identifikatoren zu und überwacht Sitzungszustände. Der Server bietet Funktionen für die Peer-Entdeckung, den Aufbau von Datenkanälen und die Initiierung von Medienanrufen. Er enthält Sicherheits- und Traffic-Management-Funktionen wie API-Schlüssel-Authentifizierung, SSL/TLS-Traffic-Verschlüsselung und die Möglichkeit, die maximale Anzahl gleichzeitiger Verbindungen zu begrenzen.
Restricts method calls using required connection keys and manages cross-origin resource sharing policies.
Dieses Projekt ist eine umfassende Sammlung von Leitfäden und Frameworks zur Absicherung von SaaS-Infrastrukturen und Unternehmensabläufen. Es bietet eine Zusammenstellung technischer Checklisten, Architekturmuster und Best Practices zur Härtung von Cloud-Anwendungen gegen Cyberangriffe. Das Projekt zeichnet sich durch spezialisierte Handbücher für Risikomanagement und Compliance-Bereitschaft aus. Es bietet strukturierte Ansätze für Threat Modeling, Incident-Response-Planung und die Vorbereitung von Audit-Nachweisen, die zur Erfüllung von Branchen-Sicherheitszertifizierungen und Anforderungen von Unternehmenskunden erforderlich sind. Das Framework deckt breite Fähigkeitsbereiche ab, einschließlich der Härtung von Cloud-Infrastrukturen, Identitäts- und Zugriffsmanagement sowie Sicherheitsrisikomanagement. Es adressiert technische Kontrollen wie Umgebungsisolierung und Netzwerkverschlüsselung sowie operative Prozesse wie das Offboarding von Mitarbeitern und die Überprüfung von Anbietern.
Provides a pattern for limiting server and database management access using VPNs and static IP validation.
Certd is a self-hosted platform that automates the full lifecycle of SSL certificates using the ACME protocol. It handles certificate application, renewal, and deployment across multiple domains through a pipeline-driven workflow engine, with DNS challenge orchestration and multi-cloud deployment capabilities. The platform distinguishes itself through its configurable pipeline system, which allows users to build multi-step workflows that can pass outputs between tasks, execute custom scripts, and handle errors. It supports multi-tenant access control with role-based permissions, encrypted cre
Stores SSH or password credentials for direct server access, enabling certificate deployment and DNS management on remote machines.