Feature #1011

Additional security features

Added by Alexander Watzinger over 1 year ago. Updated over 1 year ago.

Status:
Closed
Priority:
Low
Category:
Backend
Target version:
Start date:
2019-04-07
Estimated time:
8.00 h

Description

To provide additional security we tested OpenAtlas at Mozilla and began implementing the suggestions: https://observatory.mozilla.org/analyze/demo-dev.openatlas.eu

In application:

  • SESSION_COOKIE_SAMESITE
  • REMEMBER_COOKIE_SECURE

Documented how to activate if using HTTPS only:

History

#1

Updated by Alexander Watzinger over 1 year ago

  • Description updated (diff)
#2

Updated by Alexander Watzinger over 1 year ago

  • Description updated (diff)
#3

Updated by Alexander Watzinger over 1 year ago

  • Description updated (diff)
#4

Updated by Alexander Watzinger over 1 year ago

  • Description updated (diff)
#5

Updated by Alexander Watzinger over 1 year ago

  • Description updated (diff)
#6

Updated by Alexander Watzinger over 1 year ago

  • Description updated (diff)
#7

Updated by Alexander Watzinger over 1 year ago

  • Status changed from In Progress to Closed

Only suggestion which was not implemented: Content Security Policy

This would need a complete rebuild of the application (no inline JavaScript or CSS) so we wait for the next major frontend upgrade.
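
As an added example (not OpenAtlas code), this stdlib-only Python check audits Set-Cookie headers for the attributes that SESSION_COOKIE_SAMESITE and REMEMBER_COOKIE_SECURE control, and goes slightly beyond the issue by also checking HttpOnly on every cookie. The header values are constructed samples, and the cookie names `session` and `remember_token` are the Flask and Flask-Login defaults, assumed here.

```python
"""Added example: audit Set-Cookie headers for Secure, HttpOnly and SameSite."""

# Constructed sample headers (not captured from OpenAtlas). The cookie names are
# the Flask / Flask-Login defaults and are an assumption about the deployment.
BEFORE = [
    "session=constructed-value; HttpOnly; Path=/",
    "remember_token=1|constructed; Expires=Thu, 01 Jan 2026 00:00:00 GMT; Path=/",
]
AFTER = [
    "session=constructed-value; Secure; HttpOnly; Path=/; SameSite=Lax",
    "remember_token=1|constructed; Expires=Thu, 01 Jan 2026 00:00:00 GMT; "
    "Secure; HttpOnly; Path=/; SameSite=Lax",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lower-cased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit(headers, https_only):
    """Return {cookie name: [missing attributes]} for cookies with findings."""
    findings = {}
    for header in headers:
        name, attrs = parse_set_cookie(header)
        missing = []
        if "httponly" not in attrs:
            missing.append("HttpOnly")
        # SameSite=None sends the cookie cross-site, so treat it like a missing value.
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            missing.append("SameSite")
        # Secure is only required when the site is served over HTTPS only;
        # over plain HTTP a Secure cookie would never be sent back.
        if https_only and "secure" not in attrs:
            missing.append("Secure")
        if missing:
            findings[name] = missing
    return findings


if __name__ == "__main__":
    for label, headers in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(headers, https_only=True))
```

Pass `https_only=False` for a deployment that still serves plain HTTP, where the Secure attribute must stay off.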
