drogonframework / drogon

Drogon: A C++14/17/20 based HTTP web application framework running on Linux/macOS/Unix/Windows
MIT License
11.45k stars 1.1k forks

Security #646

Open KaungZawHtet opened 3 years ago

KaungZawHtet commented 3 years ago

How is the security preparation for both maintainers and Drogon users? Here are some things I hope for in Drogon's roadmap: some security advice with Drogon-specific code in the documentation, default security tightening in starter projects (for example, authentication and authorization in the default state of starter projects), and security enhancement in the default state of Drogon.

In the PHP world, here is some notable security advice from the yii2 framework maintainers with yii2-specific code: https://www.yiiframework.com/doc/guide/2.0/en/security-overview

Thank you for your awesome library.

rbugajewski commented 3 years ago

Thanks for your feedback. Security is currently a topic that needs more work in the documentation. There are obviously the usual gotchas while dealing with C++, where general rules apply that aren't specific to Drogon.

It is especially important to take care of memory safety. For a good overview take a look at the C++ Core Guidelines.

The other subject that could be improved is input validation & sanitization.

As always every PR is welcome 🙂

MUzairS15 commented 3 years ago

Hello, I am a newbie and want to contribute. Could anyone please guide me about this issue?

an-tao commented 3 years ago

@MUzairS15 Hi~, thank you so much for your plan to contribute. Which feature do you want to make?

MUzairS15 commented 3 years ago

I am not understanding what I can really do. Please guide me.