02845e65db
Added features: * register * authenticate * RLS as summarized in security_considerations.md Improve * Use enhanced graphiql version to be able to set authentication headers Remove: * docker-compose.prod.yml since it is not updated for now (and we do not have a production env)
1.3 KiB
1.3 KiB
Basic security
Testing the security of the backend is substantial for obvious reasons. Write automated penetration tests. There should be testcases for
| table | editor | candidate | user(v) | user | other |
|---|---|---|---|---|---|
| person | sdU | sDU | sDU | ||
| account | S | S | S | S | |
| answer | s | sDUI | s | ||
| question | sdui | s | s | ||
| categories | sdui | s | s |
| function | editor | candidate | user(v) | user | other |
|---|---|---|---|---|---|
| register | E | ||||
| authenticate | E | E | E | E | |
| change pw | E | E | E | ||
| change role | e |
where
- s: select
- d: delete
- u: update
- i: insert
- e: execute
An uppercase version of the above letters means that the operation is only possible on rows directly related to the user id, e.g. a candidate can only delete, update and insert the own answer(s).
Passwords
DO NOT LOG THE PASSWORDS postgres logging conf may need adoption to NOT log passwords in plain text.