
Merge pull request #947 from 01-edu/forum-issue-01-377

Adding db encrypt as a bonus
pull/948/head
MSilva95 3 years ago committed by GitHub
parent
commit
f7c863a454
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 4
      subjects/forum/security/README.md
  2. 6
      subjects/forum/security/audit.md

4
subjects/forum/security/README.md

@ -15,9 +15,7 @@ For this project you must take into account the security of your forum.
- The implementation of [Rate Limiting](https://en.wikipedia.org/wiki/Rate_limiting) must be present on this project - The implementation of [Rate Limiting](https://en.wikipedia.org/wiki/Rate_limiting) must be present on this project
- You should encrypt : - You should encrypt at least the clients passwords. As a Bonus you can also encrypt the database, for this you will have to create a password for your database.
- Clients passwords.
- Database, for this you will have to create a password for your database.
Sessions and cookies were implemented in the [previous project](../README.md) but not under-pressure (tested in an attack environment). So this time you must take this into account. Sessions and cookies were implemented in the [previous project](../README.md) but not under-pressure (tested in an attack environment). So this time you must take this into account.
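Review bot: The rewritten bullet "You should encrypt at least the clients passwords" still asks for encryption, which is reversible, where stored passwords call for a one-way salted hash, and the bonus sentence gives no requirement beyond "create a password for your database". Suggest saying that client passwords must be stored hashed, fixing "clients passwords" to "client passwords" and "As a Bonus" to "as a bonus", and stating what the bonus expects, namely that the database file is unreadable without the password.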

6
subjects/forum/security/audit.md

@ -12,10 +12,6 @@
###### Does the project implement [Rate limiting](https://en.wikipedia.org/wiki/Rate_limiting) (avoiding [DoS attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack))? ###### Does the project implement [Rate limiting](https://en.wikipedia.org/wiki/Rate_limiting) (avoiding [DoS attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack))?
##### Try to access the database.
###### Does the database present a password for protection?
##### Try creating a user. Go to the database using the command `"sqlite3 <database-name>"` and run `"SELECT * FROM <user-table>;"` to select all users. ##### Try creating a user. Go to the database using the command `"sqlite3 <database-name>"` and run `"SELECT * FROM <user-table>;"` to select all users.
###### Are the passwords encrypted? ###### Are the passwords encrypted?
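Review bot: With the database-password check removed from this section, the step that remains still tells the auditor to run `sqlite3 <database-name>` and `SELECT * FROM <user-table>;`, which assumes the database file opens without a password. For a project that did the bonus, this step cannot be followed as written. Add a line telling the auditor to obtain the database password from the students, or to ask how the database is opened, before checking how the passwords are stored.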
@ -36,6 +32,8 @@
###### +Does the project implement UUID(Universal Unique Identifier) for the user session? ###### +Does the project implement UUID(Universal Unique Identifier) for the user session?
###### +Does the database present a password for protection?
#### Basic #### Basic
###### +Does the project runs quickly and effectively? (no unnecessary data requests, etc) ###### +Does the project runs quickly and effectively? (no unnecessary data requests, etc)
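Review bot: The added bonus question "+Does the database present a password for protection?" has no `#####` action step in front of it, since "Try to access the database." was removed in the previous hunk and not moved here, so the auditor is not told how to verify it. The question also asks about a password while the README bonus asks for an encrypted database. Suggest restoring the action step above the question and wording the question to match the README, for example asking whether the database is encrypted and cannot be opened without its password.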
