From 705fc0a8e1ba4a3ec84ab314db3769f02cc218e2 Mon Sep 17 00:00:00 2001 From: miguel Date: Fri, 28 Jan 2022 17:01:44 +0000 Subject: [PATCH] Adding db encrypt as a bonus --- subjects/forum/security/README.md | 4 +--- subjects/forum/security/audit.md | 6 ++---- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/subjects/forum/security/README.md b/subjects/forum/security/README.md index 0dbfe6b24..b2f48f42e 100644 --- a/subjects/forum/security/README.md +++ b/subjects/forum/security/README.md @@ -15,9 +15,7 @@ For this project you must take into account the security of your forum. - The implementation of [Rate Limiting](https://en.wikipedia.org/wiki/Rate_limiting) must be present on this project -- You should encrypt : - - Clients passwords. - - Database, for this you will have to create a password for your database. +- You should encrypt at least the clients passwords. As a Bonus you can also encrypt the database, for this you will have to create a password for your database. Sessions and cookies were implemented in the [previous project](../README.md) but not under-pressure (tested in an attack environment). So this time you must take this into account. diff --git a/subjects/forum/security/audit.md b/subjects/forum/security/audit.md index 22aa769f0..7687a68c4 100644 --- a/subjects/forum/security/audit.md +++ b/subjects/forum/security/audit.md @@ -12,10 +12,6 @@ ###### Does the project implement [Rate limiting](https://en.wikipedia.org/wiki/Rate_limiting) (avoiding [DoS attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack))? -##### Try to access the database. - -###### Does the database present a password for protection? - ##### Try creating a user. Go to the database using the command `"sqlite3 "` and run `"SELECT * FROM ;"` to select all users. ###### Are the passwords encrypted? 
@@ -36,6 +32,8 @@ ###### +Does the project implement UUID(Universal Unique Identifier) for the user session? +###### +Does the database present a password for protection? + #### Basic ###### +Does the project runs quickly and effectively? (no unnecessary data requests, etc)
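Review bot: In the README hunk (@@ -15,9 +15,7 @@), the new line "You should encrypt at least the clients passwords" keeps the wrong primitive: stored passwords should be hashed with a dedicated password-hashing function (bcrypt, scrypt or Argon2, each with a per-user salt), not encrypted, because an encryption key kept next to the database lets anyone who reads the file recover every password. Suggest "You must hash the clients' passwords with a password-hashing algorithm such as bcrypt or Argon2" and reserve "encrypt" for the database-at-rest bonus. The bonus sentence also needs a caveat: stock sqlite3, which the audit tells students to use, has no password or encryption feature, so "create a password for your database" is only achievable with an extension such as SQLCipher, and the README should say so rather than leave the bonus impossible as written. Minor: "clients passwords" should be "clients' passwords", and "database, for this you will have to" is a comma splice; split it into two sentences.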
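Review bot: In the first audit.md hunk (@@ -12,10 +12,6 @@), the removal is fine, but the remaining context step `Go to the database using the command "sqlite3 " and run "SELECT * FROM ;"` still has empty placeholders for the database file and the users table, so an auditor cannot run it as written; fill in the project's actual file and table names (or mark them explicitly as `<db-file>` and `<users-table>` to be read off the student's code). The follow-up question "Are the passwords encrypted?" should be reworded to "Are the passwords stored as salted hashes (bcrypt/Argon2) rather than in plaintext?", since a reversible encryption of passwords would satisfy the current wording while still being a finding in a real audit.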
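Review bot: In the second audit.md hunk (@@ -36,6 +32,8 @@), the moved question "Does the database present a password for protection?" is added on its own, but the "##### Try to access the database." step that introduced it in the original section was deleted in the previous hunk and not re-added here, so the bonus question now has no procedure telling the auditor what to attempt (open the database file with plain `sqlite3` and check that it is unreadable without the password). Re-add that `#####` step line above the question so the bonus block follows the same step/question structure as the rest of the audit, and consider stating which tool is expected (for example SQLCipher), since stock sqlite3 offers no password protection.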