
forum/security : issue correction

content-update
lee 3 years ago
parent
commit
dcc25c0906
  1. 4
      subjects/forum/README.md
  2. 2
      subjects/forum/audit/README.md
  3. 11
      subjects/forum/security/README.md

4
subjects/forum/README.md

@ -33,7 +33,7 @@ Instructions for user registration:
- When the email is already taken return an error response.
- Must ask for username
- Must ask for password
- The password must be encrypted when stored
- The password must be encrypted when stored (this is a Bonus task)
The forum must be able to check if the email provided is present in the database and if all credentials are correct. It will check if the password is the same with the one provided and, if the password is not the same, it will return an error response.
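Review bot: the new wording "The password must be encrypted when stored (this is a Bonus task)" keeps the wrong term; stored passwords should be hashed with a salted, slow password-hashing function (bcrypt, scrypt or Argon2), not encrypted, because encryption is reversible and a leaked key exposes every password at once. Suggest: "- The password must be hashed (e.g. with bcrypt) when stored (this is a Bonus task)". The unchanged paragraph below ("It will check if the password is the same with the one provided") should then say that the submitted password is verified against the stored hash rather than compared to a decrypted value.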
@ -75,7 +75,7 @@ For the forum project you must use Docker. You can read about docker basics in t
- You must handle website errors, HTTP status.
- You must handle all sort of technical errors.
- The code must respect the [**good practices**](../good-practices/README.md).
- It is recommended that the code should present a **test file**.
- It is recommended to have **test files** for [unit testing](https://go.dev/doc/tutorial/add-a-test).
### Allowed packages

2
subjects/forum/audit/README.md

@ -170,6 +170,8 @@ cc8f5dcf760f <name of the image> "./server" 6 seconds ag
###### +Does the project present a script to build the images and containers? (using a script to simplify the build)
###### +Is the password present in the database encrypted?
#### Basic
###### +Does the project runs quickly and effectively? (Favoring recursive, no unnecessary data requests, etc)
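Review bot: the added audit question "Is the password present in the database encrypted?" should ask whether passwords are stored as salted hashes produced by a password-hashing function (bcrypt, scrypt or Argon2) rather than "encrypted"; read literally, an auditor could pass a reversibly encrypted or merely encoded value. Suggest: "Is the password stored in the database hashed (not in plaintext or reversibly encrypted)?" Grammar nit in the context line: "Does the project runs quickly" should be "Does the project run quickly".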

11
subjects/forum/security/README.md

@ -10,14 +10,19 @@ For this project you must take into account the security of your forum.
- Encrypted connection : for this you will have to generate an SSL certificate, you can think of this like a identity card for your website. You can create your certificates or use "Certificate Authorities"(CA's)
- Clients session cookies should be unique. For instance, the session state is stored on the server and the session should present an unique identifier. This way the client has no direct access to it. Therefore, there is no way for attackers to read or tamper with session state.
- We recommend you to take a look into [cipher suites](https://en.wikipedia.org/wiki/Cipher_suite).
- The implementation of [Rate Limiting](https://en.wikipedia.org/wiki/Rate_limiting) must be present on this project
- You should encrypt :
- Clients passwords
- Clients passwords.
- Database, for this you will have to create a password for your database.
Sessions and cookies were implemented in the [previous project](../README.md) but not under-pressure (tested in an attack environment). So this time you must take this into account.
- Clients session cookies should be unique. For instance, the session state is stored on the server and the session should present an unique identifier. This way the client has no direct access to it. Therefore, there is no way for attackers to read or tamper with session state.
### Hints
- You can take a look at the `openssl` manual.
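Review bot: "You should encrypt : Clients passwords." repeats the encryption/hashing confusion from the forum README; passwords must be hashed with a salted password-hashing function (bcrypt, scrypt or Argon2), never stored encrypted, so suggest "You should hash clients' passwords" and keep "encrypt" only for the other items. The sub-bullet "Database, for this you will have to create a password for your database" describes authentication, not encryption, and belongs under a separate access-control point. The session-cookie bullet's claim that "there is no way for attackers to read or tamper with session state" is too strong: a stolen or guessed identifier still grants the whole session, so the requirement should also state that the identifier comes from a cryptographically secure random source with enough entropy and that the cookie is set with the Secure, HttpOnly and SameSite attributes. Grammar: "a identity card" should be "an identity card", "an unique identifier" should be "a unique identifier", and "Clients passwords" should be "Clients' passwords".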
@ -28,7 +33,7 @@ For this project you must take into account the security of your forum.
- You must handle website errors, HTTPS status.
- You must handle all sort of technical errors.
- The code must respect the [**good practices**](../../good-practices/README.md).
- It is recommended that the code should present a **test file**.
- It is recommended to have **test files** for [unit testing](https://go.dev/doc/tutorial/add-a-test).
### Allowed packages
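Review bot: the context line "You must handle website errors, HTTPS status." looks like a typo for "HTTP status" (status codes belong to HTTP whether or not TLS is used, and the matching line in subjects/forum/README.md says "HTTP status"); since this hunk already touches the same list, fix it here. The test-file wording change itself matches the one made in subjects/forum/README.md.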
