Security Issues
Identify sensitive information kept by your software. Explain how you plan to protect it.

User emails and passwords for our website will be collected. We plan to protect them by storing them in a secure Mongo database, and the passwords will not be shared with anyone except developers. Even bookstore admins will not have access to users' passwords. As an additional protection for user accounts, we (aspirationally) plan to offer two-factor authentication.
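One way to meet the goal that bookstore admins cannot read user passwords is to store only a salted hash in the user document, so the password itself never reaches the database. The sketch below is an added example, not this project's code; the choice of scrypt, its cost parameters, and the names `new_user_document`, `verify_password`, `admin_view` and the `pw` field are assumptions, and a plain dict stands in for the Mongo document.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed values; tune for the deployment's hardware)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
KEY_LEN = 32


def _derive(password: str, salt: bytes, n: int, r: int, p: int) -> bytes:
    """Derive the stored verifier from the password and a per-user salt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=KEY_LEN)


def new_user_document(email: str, password: str) -> dict:
    """Build the document to insert into a (hypothetical) users collection."""
    salt = secrets.token_bytes(16)  # fresh random salt for every account
    return {
        "email": email.strip().lower(),
        "pw": {
            "alg": "scrypt",
            # Parameters are stored per user so they can be raised later.
            "n": SCRYPT_N, "r": SCRYPT_R, "p": SCRYPT_P,
            "salt": salt.hex(),
            "hash": _derive(password, salt, SCRYPT_N, SCRYPT_R, SCRYPT_P).hex(),
        },
    }


def verify_password(doc: dict, candidate: str) -> bool:
    """Re-derive with the stored salt and parameters; compare in constant time."""
    pw = doc["pw"]
    expected = bytes.fromhex(pw["hash"])
    actual = _derive(candidate, bytes.fromhex(pw["salt"]), pw["n"], pw["r"], pw["p"])
    return hmac.compare_digest(expected, actual)


def admin_view(doc: dict) -> dict:
    """What a bookstore-admin screen receives: no credential material at all."""
    return {k: v for k, v in doc.items() if k != "pw"}


if __name__ == "__main__":
    # Constructed sample account, not real data.
    doc = new_user_document("Reader@Example.com", "correct horse battery staple")
    print(admin_view(doc))
    print(verify_password(doc, "correct horse battery staple"))
    print(verify_password(doc, "wrong guess"))
```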
Identify possible attack vectors, that is, ways malicious users could try to use your software to escalate their privileges. This includes root access to your server, access to other users' sensitive information (say, via XSS attacks), root access to your database, etc. Explain your protection plan.

We plan to protect our servers and databases by having two-factor authentication set up on all of them, which dramatically decreases the risk of an attack.