Page MenuHomePhabricator

安全性
Closed, ResolvedPublic

Description

  • SSL
  • Authentication
  • CSRF
  • DDoS-resistent
  • etc.

Related Objects

StatusAssignedTask
Resolvediongchun
Resolvediongchun
Resolvediongchun
Resolvediongchun

Event Timeline

iongchun claimed this task.Aug 31 2017, 8:23 AM
iongchun created this task.
iongchun added a parent task: T21: 伺服器端.

Authentication and CSRF is implemented with spring-security

Other issues:

  • Password hash
  • SSL and certificate
iongchun triaged this task as High priority.Sep 1 2017, 10:38 AM

SSL deployed with certificate from Let's Encrypt

  • Disabled user could not login now
  • User would be logout (session expired) immediately when being disabled
  • Add ROLE_ADMIN checking for Account REST API
iongchun closed this task as Resolved.Sep 19 2017, 4:22 PM