132 repositorios
Mechanisms for managing user permissions and secure access to resources.
Distinguishing note: Focuses on security features within a database management context.
Explore 132 awesome GitHub repositories matching security & cryptography · Access Control. Refine with filters or upvote what's useful.
Daytona is a cloud-native development environment platform designed to orchestrate ephemeral, containerized workspaces. It provides a centralized system for managing reproducible coding environments as code, ensuring consistency across distributed teams by abstracting the underlying infrastructure. By utilizing declarative configuration, the platform automates the entire lifecycle of development sandboxes, from initial provisioning to resource governance. The platform distinguishes itself through its infrastructure-agnostic runner layer, which allows development environments to be deployed ac
Limits token actions on specific resources using granular permission sets for enhanced security.
Fooocus is a generative image interface designed to simplify the creation of high-quality visual content from text descriptions. It functions as a latent diffusion pipeline and model orchestrator, managing the complex interactions between neural network layers, mathematical samplers, and hardware resource allocation to produce professional-grade imagery. The project distinguishes itself through a sophisticated prompt engineering engine and modular style management. Users can dynamically modify output characteristics by injecting style adapters directly into prompts or by utilizing wildcards a
Restricts access to the generation dashboard using authentication tokens or network controls.
PhotoPrism is a self-hosted digital asset management platform designed to organize, classify, and manage large collections of photos and videos on personal infrastructure. It functions as a private alternative to cloud-based services, ensuring that all media remains under the user's control. The platform utilizes neural-network-based media analysis to automatically detect objects, faces, and locations, providing a comprehensive, AI-powered approach to library organization. The project distinguishes itself through its containerized architecture, which simplifies deployment and lifecycle manage
Provides controlled access to private photo and video collections through authenticated interfaces and granular permission management.
This project is a web-based platform designed for creating, managing, and sharing professional resumes. It functions as a structured document builder that integrates artificial intelligence to assist with content generation, editing, and analysis. Users can maintain a collection of resumes, customize their visual presentation through various templates, and export them into multiple formats for job applications. The platform distinguishes itself through its autonomous AI agent capabilities, which can perform research, suggest incremental edits, and apply data patches directly to documents. It
Toggles the locked status of resumes to prevent unauthorized updates, patches, or deletions.
ToolJet is a low-code development platform designed for building and deploying internal business applications. It provides a visual interface where users can drag and drop components to design layouts, connect to various data sources, and execute custom logic. The platform is built on a containerized architecture, ensuring that applications remain portable and consistent across different cloud and server environments. The platform distinguishes itself through integrated artificial intelligence capabilities that assist in the generation of user interfaces, database schemas, and data queries fr
Sets granular access control for user groups to define specific environment access and editing permissions.
Keycloak is an open-source identity and access management server that provides a centralized platform for user authentication, authorization, and identity federation. It functions as a standards-compliant identity provider, utilizing a centralized engine to validate credentials and issue cryptographically signed tokens based on industry-standard protocols like OpenID Connect and SAML. This enables organizations to secure diverse applications and services through a unified authentication layer. The platform distinguishes itself through its cloud-native orchestration and high-availability capab
Protects digital resources using standard protocols to manage access and verify identity tokens.
Frigate is a self-hosted network video recorder that functions as a private, local AI-powered vision engine. It manages video streams by performing real-time object detection, tracking, and classification directly on local hardware, ensuring that security monitoring and activity recording remain independent of cloud services. The system distinguishes itself through a modular, hardware-accelerated video pipeline that offloads intensive decoding and machine learning inference to dedicated GPUs, NPUs, or specialized accelerators like Coral TPUs and Hailo modules. It utilizes state-based object t
Secures network restream endpoints with authentication to prevent unauthorized access.
Chatwoot is a self-hosted, omnichannel customer support platform designed to aggregate messages from diverse social and digital channels into a single, collaborative team inbox. It provides organizations with full data ownership and control over their support infrastructure, ensuring strict logical separation of customer data through multi-tenant architecture. By centralizing communication, the platform enables teams to manage, route, and resolve inquiries within a unified workspace that maintains complete interaction history for every contact. The platform distinguishes itself through an eve
Provides granular role-based access control to manage administrative privileges and functional scopes.
InfluxDB is a specialized time series database platform engineered for the high-speed ingestion, compression, and retrieval of timestamped data at scale. It functions as a distributed metrics platform, providing the infrastructure necessary to organize and analyze massive volumes of time-stamped information to identify trends, patterns, and anomalies within complex data streams. The platform distinguishes itself through a functional dataflow engine that utilizes a specialized programming language for complex analytical transformations and automated tasks. This architecture is supported by a p
Allows controlling access to the management interface by creating and updating user credentials.
Filament is a full-stack framework for building administrative panels and management interfaces within the Laravel ecosystem. It provides a declarative, component-based architecture that allows developers to construct complex, data-driven applications using server-side configuration objects rather than manual HTML. By inspecting database model structures and relationships, the framework automates the generation of CRUD interfaces, forms, and data tables, significantly reducing boilerplate code. The project distinguishes itself through a highly modular and extensible design that supports custo
Enforces access control for administrative panels using user contracts and authentication checks.
ntfy is a self-hosted messaging infrastructure that provides a lightweight platform for sending and receiving real-time notifications. It functions as a topic-based pub-sub server, allowing users to publish and subscribe to message channels using standard HTTP requests. By bridging server-side events with native mobile and desktop clients, it enables the delivery of alerts across various environments through a unified communication layer. The project distinguishes itself by offering a complete, private notification ecosystem that includes persistent message caching and robust access control.
Secures message endpoints by requiring valid credentials or tokens.
OpenZeppelin Contracts is a library of modular, secure, and reusable smart contract components designed for the development of decentralized applications. It provides a foundational framework for building standard-compliant contracts, offering battle-tested implementations for token standards, access control, and common utility patterns. The project distinguishes itself through its comprehensive support for complex architectural patterns, including proxy-based upgradeability, role-based access control, and account abstraction. It enables developers to implement modular logic injection via hoo
Controls token transfers and approvals by enforcing allowlists or blocklists managed by authorized accounts.
React-admin is a framework for building data-driven administrative interfaces that connect to REST or GraphQL backends. It provides a comprehensive suite of tools for managing the full lifecycle of administrative applications, including resource-oriented routing, declarative form scaffolding, and context-driven state management. By utilizing a modular adapter-based architecture, the framework abstracts backend communication, allowing developers to build consistent CRUD interfaces that handle data fetching, authentication, and synchronization automatically. The project distinguishes itself thr
Conditionally renders interface components and menu items based on user authorization status.
Devise is a flexible authentication framework for Ruby on Rails applications. It serves as a user identity management system that handles registration, sign-in, password recovery, and account confirmation. The system integrates with the Warden middleware to manage user sessions and security across various request types. The framework functions as a multi-model authentication engine, allowing for the configuration of multiple distinct user models with independent routes and access controls. It also provides a standardized interface to connect with external identity providers and third-party lo
Verifies that a user is authenticated before allowing access to specific controller actions.
This project is an open-source, privacy-focused web analytics platform designed for high-throughput data ingestion and multi-tenant data management. It provides a cookie-less tracking engine that captures visitor interactions using ephemeral request metadata, ensuring comprehensive traffic visibility while maintaining strict privacy standards. The architecture utilizes an event-driven ingestion pipeline and aggregated metric storage to decouple data collection from processing, enabling efficient long-term retrieval and responsive dashboard performance. What distinguishes this platform is its
Allows inviting collaborators as guests with restricted permissions limited to specific sites.
Dolt is a relational database engine that integrates version control directly into the database management layer. It functions as a version-controlled SQL database that tracks every row and schema change using a commit-based history, allowing users to branch, merge, and audit data modifications. By implementing a wire-protocol-compatible server, the system enables standard SQL clients and tools to interact with versioned data as if they were connecting to a traditional relational database. The platform distinguishes itself by applying repository-style workflows to data management, including s
Manages user authentication, role-based privileges, and branch-level write restrictions to secure database access.
Vanna is a Python framework designed to build conversational interfaces that translate natural language into executable database queries. It functions as an enterprise-grade toolkit that connects language models to relational databases, allowing users to retrieve information through conversational prompts rather than manual code. The system maintains context across interactions by utilizing vector databases to store historical query patterns and schema metadata. The framework distinguishes itself through a focus on security and schema-aware generation. It incorporates granular access control,
Enforces granular user permissions and audit logging for secure and compliant data retrieval.
Firefly III is a self-hosted personal finance management system built on a double-entry bookkeeping engine. It provides a comprehensive platform for tracking income, expenses, and account balances while maintaining financial integrity through structured accounting principles. Designed for private use, the system supports multi-user access, allowing independent financial administrations to coexist within a single installation. The platform distinguishes itself through extensive automation and integration capabilities. It features a robust REST JSON API and webhook system that enables programma
Assigns maximum monetary amounts to specific categories for defined time periods to track and control personal expenses.
This project is a feature-rich Go client library designed for interacting with Redis. It serves as a comprehensive interface for managing remote data stores, enabling developers to execute standard database commands, handle complex data structures, and perform asynchronous operations within Go applications. The library distinguishes itself through its support for advanced Redis capabilities, including connection pooling, pipelining, and transactional integrity. It provides specialized primitives for managing distributed clusters, including automated topology updates and request routing to sha
Secures database interactions by managing authentication, command permissions, and connection security policies.
Turso is a distributed SQL database platform that provides managed, edge-hosted SQLite instances. It functions as a serverless database provider, enabling the deployment of relational databases that synchronize data across multiple geographic regions to support high availability and performance. The platform distinguishes itself by utilizing a fork of SQLite as its core storage engine, which supports both local file storage and remote network-based replication. It employs an edge-optimized proxy to route queries through a global network, minimizing latency by connecting users to the nearest d
Manages user permissions and security credentials for remote database instances via a centralized interface.