samarthhapse / sarthi


Implement Password Encryption and Security Measures #205

Open Shreyasaraf01 opened 3 days ago

Shreyasaraf01 commented 3 days ago

Description:

To protect user data on the 'sarthi' platform, robust password encryption and additional security measures must be implemented. This will ensure that user passwords remain secure and prevent common security vulnerabilities.

Objectives:

Encrypt user passwords before storing them in the database. Apply best practices for password handling and storage. Introduce security measures to protect the platform from threats such as SQL injection and cross-site scripting (XSS).

Tasks:

Utilize a strong hashing algorithm (e.g., bcrypt, Argon2) to hash user passwords before storing them. Generate salts to enhance the security of the hashed passwords. Ensure the hashing process is computationally intensive to thwart brute force attacks.

Securely store hashed passwords and their associated salts in the database. Ensure that plain-text passwords are never stored.

Validate and sanitize all user inputs to prevent SQL injection and XSS attacks. Use prepared statements for database queries to mitigate SQL injection risks.

Enforce strong password policies (e.g., minimum length, complexity requirements) during user registration. Provide feedback to users on password strength.

Expected Outcome:

Secure password handling and storage mechanisms that protect user data from unauthorized access. Enhanced overall security of the platform against common vulnerabilities.

samarthhapse commented 2 days ago

@Shreyasaraf01, you will have to work on the Node.js and Express.js part of the backend for that.

Shreyasaraf01 commented 2 days ago

Hello @samarthhapse ,

Thank you for your feedback on the issue.

I understand the new requirement to verify the expert's profile before saving it in the database and to implement an authorization email process. As I am currently learning Node.js and Express.js, I feel that this task might require a more advanced understanding of these technologies than I currently have.

However, I am eager to learn and contribute to the project. Any guidance or resources you could provide to help me get up to speed would be greatly appreciated. Alternatively, if there is someone else who can assist with this part of the task, I am happy to collaborate and learn from them.

Please let me know how you would like to proceed.

Thank you for your understanding.

Best regards, Shreyasaraf01

samarthhapse commented 2 days ago

Okay then, please work on only what you have commented for.

samarthhapse commented 2 days ago

Description:

To protect user data on the 'sarthi' platform, robust password encryption and additional security measures must be implemented. This will ensure that user passwords remain secure and prevent common security vulnerabilities.

Objectives:

Encrypt user passwords before storing them in the database. Apply best practices for password handling and storage. Introduce security measures to protect the platform from threats such as SQL injection and cross-site scripting (XSS).

Tasks:

  • Password Encryption:

Utilize a strong hashing algorithm (e.g., bcrypt, Argon2) to hash user passwords before storing them. Generate salts to enhance the security of the hashed passwords. Ensure the hashing process is computationally intensive to thwart brute force attacks.

  • Secure Password Storage:

Securely store hashed passwords and their associated salts in the database. Ensure that plain-text passwords are never stored.

  • Input Validation:

Validate and sanitize all user inputs to prevent SQL injection and XSS attacks. Use prepared statements for database queries to mitigate SQL injection risks.

  • Password Policies:

Enforce strong password policies (e.g., minimum length, complexity requirements) during user registration. Provide feedback to users on password strength.

Expected Outcome:

Secure password handling and storage mechanisms that protect user data from unauthorized access. Enhanced overall security of the platform against common vulnerabilities.

Add all these things

IMP NOTE: fork the code from the updated (temp-af) branch and then start working. And try to raise a PR by tomorrow.

samarthhapse commented 1 day ago

@Shreyasaraf01, as you have changed index.js, the app will crash completely.