As we come closer to the due date, and while we wait for the allocated components of other members, I wanted to address another major area we need to begin addressing to better secure our website. Some are obvious and others more niche, but I think it would be best to address these security issues ASAP.
Need to do:
Password hashing and salting (via external library)
*IMPORTANT remove shared database (each member should initialize their own database, keep separate from commits)
(Test data to fill these empty databases also needs to be created)
Secret key used for CSRF prevention needs to be kept locally on everyone's computer rather than in the config files
Poll creation, user login & creation need better server-side validation through Flask forms
Please use this post to address these issues and/or add to them.
This post has been actioned as of the security pull request. Further data validation for account creation and login on the server side will still need doing.