Conversation

@manasdutta04

feat(security): comprehensive security overhaul for authentication and database #416

Security Enhancements:

  • Replace chr(ord(char)*2) encryption with bcrypt hashing (12 rounds + salt)
  • Move DB_PASSWORD="tejas123" to environment variables with .env support
  • Replace string formatting SQL with parameterized queries (%s placeholders)
  • Implement secure session tokens using secrets.token_urlsafe(32)
  • Add comprehensive input validation for usernames, passwords, and data
  • Create account lockout system (5 attempts, 15min lockout)

Files Added:

  • software/security.py - Security manager with bcrypt and session handling
  • software/validators.py - Input validation and sanitization utilities
  • migration_script.py - Safe migration for existing password hashes
  • .env.example - Environment configuration template
  • SECURITY.md - Complete security documentation

Files Modified:

  • software/main.py - Updated authentication flow with session management
  • software/manage_data.py - Parameterized queries and secure operations
  • software/db_config.py - Environment variable configuration
  • installation/requirements.txt - Added bcrypt and python-dotenv

BREAKING CHANGE: Existing installations must run migration_script.py

- bcrypt password hashing with migration script
- environment-based configuration (.env support)
- parameterized queries for SQL injection prevention
- secure session management with timeout
- comprehensive input validation and sanitization
- account lockout protection against brute force
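The description above names four concrete controls without showing code. The following stand-alone example is added here for illustration and is not code from this PR or the Dataverse project: it reproduces the reversible `chr(ord(char)*2)` transform the PR removes (showing why it is encoding rather than hashing), a hypothetical `LockoutTracker` with the PR's stated 5-attempt / 15-minute policy, session tokens from `secrets.token_urlsafe(32)`, and a parameterized lookup. It assumes SQLite with `?` placeholders in place of the MySQL `%s` placeholders the PR uses, an injectable clock for testing the lockout expiry, and constructed sample rows; bcrypt itself is a third-party package and is not exercised here.

```python
import secrets
import sqlite3
import time
from typing import Callable, Dict, Optional, Tuple


# --- The 'before' scheme the PR removes: chr(ord(char) * 2) ---
def legacy_encode(password: str) -> str:
    """Reproduces the transform the PR description calls 'encryption'."""
    return "".join(chr(ord(c) * 2) for c in password)


def legacy_decode(encoded: str) -> str:
    """Undoes legacy_encode exactly. Because the transform is reversible,
    a stored value reveals the password; that is why it is not a hash."""
    return "".join(chr(ord(c) // 2) for c in encoded)


# --- Account lockout: 5 failed attempts trigger a 15 minute lockout ---
MAX_ATTEMPTS = 5            # policy stated in the PR description
LOCKOUT_SECONDS = 15 * 60   # policy stated in the PR description


class LockoutTracker:
    """Hypothetical in-memory tracker (the PR's own class is not shown here).
    The clock is injectable so the expiry path can be tested deterministically."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self.clock = clock
        self.failures: Dict[str, int] = {}
        self.locked_until: Dict[str, float] = {}

    def is_locked(self, username: str) -> bool:
        until = self.locked_until.get(username)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout window has elapsed: reset the counter as well.
            del self.locked_until[username]
            self.failures.pop(username, None)
            return False
        return True

    def record_failure(self, username: str) -> bool:
        """Count a failed login; returns True once the account is locked."""
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= MAX_ATTEMPTS:
            self.locked_until[username] = self.clock() + LOCKOUT_SECONDS
        return self.is_locked(username)

    def record_success(self, username: str) -> None:
        """A successful login clears the failure counter."""
        self.failures.pop(username, None)
        self.locked_until.pop(username, None)


# --- Session tokens: the PR uses secrets.token_urlsafe(32) ---
def new_session_token() -> str:
    # 32 random bytes, base64url without padding: 43 characters.
    return secrets.token_urlsafe(32)


# --- Parameterized query: input is bound as a value, never spliced into SQL ---
def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data for this example (not the project's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)")
    conn.executemany("INSERT INTO users (username) VALUES (?)",
                     [("alice",), ("o'brien",)])
    return conn


def find_user(conn: sqlite3.Connection, username: str) -> Optional[Tuple[int, str]]:
    # sqlite3 uses '?' placeholders; the PR's MySQL driver uses '%s'.
    # In both cases the driver binds the value, so a quote in the name is data.
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchone()


if __name__ == "__main__":
    print("legacy round trip:", legacy_decode(legacy_encode("hunter2")))
    tracker = LockoutTracker()
    print("locked after 5 failures:",
          [tracker.record_failure("alice") for _ in range(5)][-1])
    print("session token length:", len(new_session_token()))
    print("lookup with a quote in the name:", find_user(build_demo_db(), "o'brien"))
```

The lookup with `o'brien` is the check worth keeping in a test: with a bound parameter the quote is stored and matched as part of the name, whereas string-formatted SQL would have broken on it.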
@netlify

netlify bot commented Aug 10, 2025

Deploy Preview for multiverse-dataverse ready!

Latest commit: eb1e56a
Latest deploy log: https://app.netlify.com/projects/multiverse-dataverse/deploys/6898ad5224a1780008df3692
Deploy Preview: https://deploy-preview-417--multiverse-dataverse.netlify.app

@github-actions
Contributor

github-actions bot left a comment

🎉 Thank you for your contribution! Your pull request has been submitted successfully. A maintainer from Dataverse will review it soon. We appreciate your support in making this project better.
