安全性
Closed, ResolvedPublic
Actions

Tags

Subscribers

Assigned To

Authored By

	iongchun
	Aug 31 2017, 8:23 AM

Description

SSL
Authentication
CSRF
DDoS-resistent
etc.

Revisions and Commits

R10 PollingCenter Web Server
	R10:eb26a50ca13f do not let disabled user login and check permission in account API
	R10:f7aaca81bf6d add "remember me" for login
	R10:67c1d02b28c0 add password hash with bcrypt
	R10:71403f5eaef5 using spring-security

Related Objects
Search...

		Status	Assigned	Task
		Resolved	iongchun	T21 伺服器端
		Resolved	iongchun	T26 安全性
		Resolved	iongchun	T29 禁止停用的帳號登入
		Resolved	iongchun	T30 權限控制

Event Timeline

iongchun claimed this task.Aug 31 2017, 8:23 AM

iongchun created this task.

iongchun added a parent task: T21: 伺服器端.

Authentication and CSRF is implemented with spring-security

Other issues:

Password hash
SSL and certificate

iongchun triaged this task as High priority.Sep 1 2017, 10:38 AM

SSL deployed with certificate from Let's Encrypt

Passwords are hashed with bcrypt now.

Disabled user could not login now
User would be logout (session expired) immediately when being disabled
Add ROLE_ADMIN checking for Account REST API

iongchun added a subtask: T29: 禁止停用的帳號登入.Sep 5 2017, 8:47 PM

iongchun closed subtask T29: 禁止停用的帳號登入 as Resolved.

iongchun added a subtask: T30: 權限控制.

iongchun closed subtask T30: 權限控制 as Resolved.Sep 6 2017, 10:14 AM

iongchun closed this task as Resolved.Sep 19 2017, 4:22 PM