Create threat analysis model

[frankcash]

• [x] XSS
• [x] Password Encryption - Encrypt at db level
• [ ] Man in the middle (browser | attacker | server) - require authentication

[frankcash]

I'd like to create an open discussion for security measures we need to take.

@vishnuravi @cris1133 @bltsandwich1 @aarohmankad @misbahkhan

[mohnjoosemiller]

Where in the chain (if we have a plan) are we encrypting the password. In the browser (before it hits the server), or within the server before the database?

[misbahkhan]

@bltsandwich1 I think it should be server sided.

[vishnuravi]

We are currently encrypting with bcrypt on the server side.