> ## Documentation Index > Fetch the complete documentation index at: https://docs.ipmideck.com/llms.txt > Use this file to discover all available pages before exploring further. # Security > Every security claim here is grounded in ipmideck's own backend code, not marketing. ipmideck is built for people who read the source instead of trusting a vendor. The claims below are grounded in the product's backend code. ## Data & account security Credentials are encrypted at rest, logins are hashed, and sessions are signed, the database alone is never enough to get in. ### AES-256-CBC credential encryption BMC credentials are encrypted at rest with AES-256-CBC and a random IV per secret. The encryption key lives in a separate key file (`data/encryption.key`, 32 random bytes, owner-only permissions), never in the database, so a stolen database alone cannot decrypt anything. ### bcrypt logins + HMAC-SHA256 signed sessions Login passwords are hashed with bcrypt (per-password salt, constant-time verify). Session tokens are signed with HMAC-SHA256, revalidated on every request, and invalidated when a username changes. Cookies are HttpOnly and SameSite=Lax. ### Brute-force lockout Per-username lockout with exponential backoff after five failed attempts (up to an hour), plus timing-leak-safe generic errors so an attacker learns nothing from how a login fails. ### No-shell ipmitool, fully offline ipmitool is invoked through an argument list (`create_subprocess_exec`), never a shell, so there is no command-injection surface. The whole system runs fully offline: no telemetry, no cloud, no external calls. ## Hardware protection FanPilot is built to fail safe: thermal limits win over any curve, and the control loop keeps running even when you are not watching. ### Safety override at the critical temperature Fans are forced to 100% at or above the critical temperature (default 85°C, configurable). No fan curve can override the override, the thermal limit always wins. ### Hysteresis to stop oscillation A configurable hysteresis margin (default 3°C) prevents fans from rapidly oscillating up and down around a temperature limit, keeping speed changes smooth and predictable. ### Autonomous background loop Fan control runs in a background task (\~30s poll) that keeps working with the dashboard closed, protection does not depend on a browser tab being open. ### Unclean-shutdown recovery + graceful shutdown After an unclean stop (power loss or `kill -9`) ipmideck restores the BMC's own auto mode, and it auto-recovers on server-offline and stale-sensor detection. A clean shutdown hands fans back to the BMC's thermal management.