  1. Security. Your security considerations should include, but are not limited to, the following:

    • Authenticity

    • Accountability

USER SECURITY

As a recipient, I want to be aware of which recipients access the data and when

  • Each user is required to register an account

  • Invoice calls are logged → sent and received email

As a recipient, I want my data to be stored in a safe location that only I can access

  • Registering an account

  • Hashing the password, to ensure others cannot have access

  • Recipient has to be logged in to access any information (sendInvoice)

SECRET SECURITY

As a developer, I want the system to store the data in a secure location, to protect the privacy of sensitive information

  • Stored locally

  • GitHub - secrets folder

  • Store in encrypted part of GitHub

As a developer, I want specific (private) information to not be accessible by fellow developers, ensuring the privacy of our recipient’s information

  • User specific information is NEVER published in the GitHub repo

    • Email server logins

    • JWT tokens kept private through secrets.

  • Developers are added to the deployment environment on Heroku for access during deployment

SERVER SECURITY

As a developer, I want to ensure the utmost level of security for a user recipient

  • Two step verification system

  • Randomly generated key (in Heroku)

...