Project

General

Profile

Actions

Feature #1011

closed

Additional security features

Added by Alexander Watzinger almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Category:
Backend
Target version:
Start date:
2019-04-07
Estimated time:
8.00 h

Description

To provide additional security we tested OpenAtlas at Mozilla and began implementing the suggestions: https://observatory.mozilla.org/analyze/demo-dev.openatlas.eu

In application:

  • SESSION_COOKIE_SAMESITE
  • REMEMBER_COOKIE_SECURE

Documented how to activated if using HTTPS only:

Actions #1

Updated by Alexander Watzinger almost 5 years ago

  • Description updated (diff)
Actions #2

Updated by Alexander Watzinger almost 5 years ago

  • Description updated (diff)
Actions #3

Updated by Alexander Watzinger almost 5 years ago

  • Description updated (diff)
Actions #4

Updated by Alexander Watzinger almost 5 years ago

  • Description updated (diff)
Actions #5

Updated by Alexander Watzinger almost 5 years ago

  • Description updated (diff)
Actions #6

Updated by Alexander Watzinger almost 5 years ago

  • Description updated (diff)
Actions #7

Updated by Alexander Watzinger almost 5 years ago

  • Status changed from In Progress to Closed

Only suggestion which was not implemented: Content Security Policy

This would need a complete rebuild of the application (no inline JavaScript or CSS) so we wait for the next major frontend upgrade.

Actions

Also available in: Atom PDF