Closed cycomachead closed 1 year ago
https://observatory.mozilla.org/analyze/cloud.snap.berkeley.edu
Ouch, that grade is sad. Some of those things (CSP) don't really apply for an API, but since we are also serving HTML we should probably do that.
Postgres info: https://www.postgresql.org/docs/9.5/static/ssl-tcp.html
https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
Current status is A+ for snap-staging.CS10.org
Yay! Does this mean this can be closed?
I want to review a few more things - we have some server configurations and we should also test for XSS.
Putting this as one mega issue to track everything.
What other policies and issues do we need to consider?