
Security audit #22

Open
mrjones-plip opened this issue Apr 7, 2016 · 0 comments

Comments

@mrjones-plip
Contributor

we should ensure we're secure!

  • make sure all traffic goes over HTTPS, not HTTP
  • make sure any passwords in the DB are stored in bcrypt (or scrypt, but I prefer bcrypt ;)
  • make sure all code uses parameterized SQL statements so we can have Little Bobby Tables as a member
  • make sure we render user values passed to us and values retrieved from the DB escaped to avoid XSS and persistent XSS
  • if we wanna get fancy, consider CSRF protection
  • do we want to encrypt server drive/home directory? This will mean we need password on boot, every boot
  • are we comfortable with the current setup with the electric badger doing POSTs to ShopIdentifyer? I suspect this is fine, but I also assume the POSTs are unauthenticated, so I wanted to bring it up.
  • other?
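The parameterized-SQL and output-escaping items from the checklist above, as an added example that is not code from this project or its author. It assumes a SQLite-backed `members` table (constructed here in memory; the real schema is not on the page) and uses only the Python standard library. It shows that a bound parameter stores "Little Bobby Tables" as a harmless literal while string-splicing breaks on an ordinary apostrophe, and that escaping at render time neutralises a stored markup payload (persistent XSS).

```python
import html
import sqlite3

# Constructed schema for the demo; the project's real tables are not on the page.
SCHEMA = "CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT NOT NULL)"


def connect():
    """Open an in-memory database with the constructed members table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def add_member_unsafe(conn, name):
    """Anti-pattern: user input spliced into the SQL text.

    A name containing a quote changes the statement's structure, so this
    breaks (or worse) on input the application should simply store.
    """
    conn.execute(f"INSERT INTO members (name) VALUES ('{name}')")


def add_member(conn, name):
    """Parameterized insert: the driver binds `name` as a value, never as SQL."""
    conn.execute("INSERT INTO members (name) VALUES (?)", (name,))


def list_members(conn):
    """Return member names in insertion order."""
    return [row[0] for row in conn.execute("SELECT name FROM members ORDER BY id")]


def render_member_row(name):
    """Escape on output so a stored value cannot inject markup into the page."""
    return f"<li>{html.escape(name, quote=True)}</li>"


def demo():
    """Run both checks and return what a reviewer would want to confirm."""
    conn = connect()

    # Constructed inputs: the classic Bobby Tables name and a stored-XSS payload.
    bobby = "Robert'); DROP TABLE members;--"
    payload = "<script>alert(1)</script>"
    add_member(conn, bobby)
    add_member(conn, payload)

    # The unsafe variant fails on a legitimate name with an apostrophe.
    try:
        add_member_unsafe(conn, "Robert O'Brien")
        unsafe_error = None
    except sqlite3.OperationalError as exc:
        unsafe_error = type(exc).__name__

    return {
        "members": list_members(conn),          # table intact, names stored verbatim
        "rendered": [render_member_row(n) for n in list_members(conn)],
        "unsafe_error": unsafe_error,           # "OperationalError"
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point worth taking from the output is that the safe path never has to "clean" the name: the database stores exactly what the user typed, and the HTML layer escapes it on the way out, so each layer handles only its own syntax.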
Labels: None yet
Projects: None yet
Development: No branches or pull requests
1 participant