Feature #1011

Additional security features

Added by Alexander Watzinger about 2 months ago. Updated about 1 month ago.

Status: Closed
Priority: Low
Category: Backend
Target version:
Start date: 2019-04-07
Due date:
% Done: 0%
Estimated time: 8.00 h
Found in version:

Description

To provide additional security we tested OpenAtlas at Mozilla and began implementing the suggestions: https://observatory.mozilla.org/analyze/demo-dev.openatlas.eu

In application:

  • SESSION_COOKIE_SAMESITE
  • REMEMBER_COOKIE_SECURE

Documented how to activate if using HTTPS only:

History

#1 Updated by Alexander Watzinger about 2 months ago

  • Description updated (diff)

#2 Updated by Alexander Watzinger about 2 months ago

  • Description updated (diff)

#3 Updated by Alexander Watzinger about 2 months ago

  • Description updated (diff)

#4 Updated by Alexander Watzinger about 2 months ago

  • Description updated (diff)

#5 Updated by Alexander Watzinger about 2 months ago

  • Description updated (diff)

#6 Updated by Alexander Watzinger about 1 month ago

  • Description updated (diff)

#7 Updated by Alexander Watzinger about 1 month ago

  • Status changed from In Progress to Closed

Only suggestion which was not implemented: Content Security Policy

This would need a complete rebuild of the application (no inline JavaScript or CSS) so we wait for the next major frontend upgrade.
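
An added example, not part of the ticket or the OpenAtlas code base: a small Python audit that lists the inline JavaScript and CSS constructs a Content Security Policy without 'unsafe-inline' would block, which is the rebuild work the comment above refers to. The sample markup and the names `InlineAudit` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample markup (not taken from the OpenAtlas code base).
SAMPLE_HTML = """
<html><head>
<script src="/static/js/app.js"></script>
<script>var table = initTable();</script>
<style>.hidden { display: none; }</style>
</head><body>
<a href="javascript:void(0)" onclick="toggle('x')">Show</a>
<div style="color: red" id="x">text</div>
<script type="application/json">{"a": 1}</script>
</body></html>
"""

class InlineAudit(HTMLParser):
    """Collect constructs that a CSP without 'unsafe-inline' would block."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, kind, detail)

    def _add(self, kind, detail):
        self.findings.append((self.getpos()[0], kind, detail))

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "") for name, value in attrs}
        mime = attrs.get("type", "").strip().lower()
        # Data blocks such as application/json are never executed, so skip them.
        is_js = mime in ("", "module") or "javascript" in mime or "ecmascript" in mime
        if tag == "script" and "src" not in attrs and is_js:
            self._add("inline-script", "<script> without src")
        if tag == "style":
            self._add("inline-style", "<style> element")
        for name, value in attrs.items():
            if name.startswith("on"):  # onclick, onload, ... event handlers
                self._add("event-handler", f"{tag}[{name}]")
            elif name == "style":
                self._add("style-attribute", f"{tag}[style]")
            elif name in ("href", "src", "action") and value.strip().lower().startswith("javascript:"):
                self._add("javascript-url", f"{tag}[{name}]")

def audit(html):
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for line, kind, detail in audit(SAMPLE_HTML):
        print(f"line {line}: {kind}: {detail}")
```

Run it over rendered responses rather than raw templates, so attributes produced by template logic are counted too.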
