🔒️ Security

[rster2002]

This issue keeps track of things that have to do with security and taking into account worst case scenarios.

• [x] Logging should not expose sensitive information
• [ ] #14
• [x] #12
• [ ] Tokens from #11 should be encrypted using a key that might be derived in some way from user credentials (client provides a key which the server can use to decrypt the token for one-time use)
• [x] #15
• [ ] #18
• [x] #27
• [x] #28
• [x] #33
• [ ] #42

[rster2002]

Good overview: https://www.youtube.com/watch?v=N8xEgSe5RwE

[rster2002]

2FA algorithm overview: https://youtu.be/VOYxF12K1vE

[rster2002]

Global ratelimiting: https://lib.rs/crates/rocket-governor