Export Security
CalcBridge implements multiple security layers to protect exported data.
Zip Bomb Protection
Before processing any XLSX file (import or export verification), CalcBridge validates the archive:
| Check | Default Limit |
|---|---|
| Maximum compression ratio | 100:1 |
| Maximum file count | 5,000 files |
| Maximum uncompressed size | Configurable per deployment (default 250 MB) |
Files exceeding these limits are rejected with a `ZipBombError`.
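An added example, not CalcBridge's own code: a minimal Python validator that applies the three limits from the table to an in-memory archive. The function names, the `ZipBombError` definition and the choice to measure the ratio as total inflated bytes over archive size are assumptions of this example.

```python
import io
import zipfile

# Defaults from the table above; all names here are this example's own.
MAX_RATIO, MAX_FILES, MAX_UNCOMPRESSED = 100, 5_000, 250 * 1024 * 1024

class ZipBombError(Exception):
    """Stand-in for the error named on this page (definition assumed)."""

def validate_archive(data, max_ratio=MAX_RATIO, max_files=MAX_FILES,
                     max_uncompressed=MAX_UNCOMPRESSED):
    """Validate an XLSX (ZIP) container; return the bytes actually inflated."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # malformed input: BadZipFile
        members = zf.infolist()
        if len(members) > max_files:
            raise ZipBombError(f"{len(members)} entries > {max_files}")
        # Assumption: ratio = total inflated bytes / size of uploaded archive.
        budget = min(max_uncompressed, max_ratio * len(data))
        # Cheap pre-check on the sizes declared in the central directory.
        if sum(m.file_size for m in members) > budget:
            raise ZipBombError("declared size exceeds size or ratio limit")
        # Do not rely on declared sizes alone: inflate in chunks and count.
        total = 0
        for m in members:
            with zf.open(m) as fh:
                while chunk := fh.read(64 * 1024):
                    total += len(chunk)
                    if total > budget:
                        raise ZipBombError("inflated size exceeds limit")
    return total

def build_sample(parts, compression=zipfile.ZIP_DEFLATED):
    """Construct a sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression) as zf:
        for name, payload in parts.items():
            zf.writestr(name, payload)
    return buf.getvalue()

def is_rejected(data, **limits):
    """True when validate_archive raises ZipBombError for this input."""
    try:
        validate_archive(data, **limits)
    except ZipBombError:
        return True
    return False
```

Running the validation before any worksheet parser sees the file keeps the expensive XML parsing off untrusted, unbounded input.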
Verify Endpoint Hardening
The public verification endpoint is protected with layered controls:
- Rate limits: 10 requests/min unauthenticated, 100 requests/min authenticated
- Upload size: 25 MB public, 100 MB authenticated
- Decompressed size cap: enforced before reading worksheets
- Sandboxed execution: CPU and memory limits during hash computation
- Antivirus scan: rejects infected uploads
- Temporary retention: verify uploads are purged automatically
PII Redaction
Exports can optionally redact personally identifiable information:
- Enable with `redact_pii: true` in export options
- Applies configurable redaction rules before export
- Redacted fields are replaced with masked values
Password Protection
XLSX and PDF exports support password encryption:
- Set via `password` option in export request
- XLSX uses standard Office encryption
- PDF uses PDF encryption standards
File Expiration
Export files automatically expire after a configurable period:
- Default: 24 hours
- Expired exports return `410 Gone` on download attempts
- Files are cleaned up by a background task
Access Control
- Exports inherit workbook-level permissions
- Only users with read access to the source workbook can create exports
- Download links are tenant-isolated via Row-Level Security
- Cross-tenant access attempts return `403 Forbidden`
Related Documentation
- Provenance Signing - Data integrity verification
- Export Formats - Format-specific security features