  1. Security. Your security considerations should include, but are not limited to, the following:

    • Authenticity

    • Accountability

USER SECURITY

As a recipient, I want to be aware of which recipients access the data and when

  • Each user is required to register an account

  • Invoice calls are logged → sent and received email

As a recipient, I want my data to be stored in a safe location that only I can access

  • Registering an account

  • Hashing the password, to ensure others cannot have access

  • Recipient has to be logged in to access any information (sendInvoice)
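
One way the USER SECURITY items above fit together, as an added example that is not the project's own code: registration stores only a salted hash, `send_invoice` refuses callers without a session, and every call is written to an audit log. The class name, the in-memory stores, the sample addresses and the choice of scrypt are assumptions; the page does not name a hash algorithm or storage layer.

```python
import hashlib
import hmac
import secrets
import time

# Assumed scrypt cost parameters; the page does not name a hash algorithm.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


class InvoiceService:
    """Hypothetical in-memory stand-in for the project's user store and API."""

    def __init__(self):
        self.users = {}      # email -> (salt, password digest); no plaintext kept
        self.sessions = {}   # session token -> email
        self.audit_log = []  # (timestamp, who, action, allowed)

    def _log(self, who, action, allowed):
        self.audit_log.append((time.time(), who, action, allowed))

    def register(self, email, password):
        if email in self.users:
            raise ValueError("account already exists")
        salt = secrets.token_bytes(16)  # unique per account
        digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
        self.users[email] = (salt, digest)

    def login(self, email, password):
        # Unknown accounts still run the hash so both failures cost the same.
        salt, stored = self.users.get(email, (b"\0" * 16, b""))
        candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
        ok = hmac.compare_digest(candidate, stored)
        self._log(email, "login", ok)
        if not ok:
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = email
        return token

    def send_invoice(self, token, recipient, invoice_id):
        sender = self.sessions.get(token)
        # Every call is recorded, including rejected ones.
        self._log(sender, f"sendInvoice {invoice_id} -> {recipient}", sender is not None)
        if sender is None:
            raise PermissionError("login required")
        return {"from": sender, "to": recipient, "invoice": invoice_id}
```
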

SECRET SECURITY

As a developer, I want the system to store the data in a secure location, to protect the privacy of sensitive information

  • Stored locally

  • GitHub - secrets folder

  • Store in encrypted part of GitHub

As a developer, I want specific (private) information to not be accessible by fellow developers, ensuring the privacy of our recipient’s information

  • User specific information is NEVER published in the GitHub repo

    • Email server logins

    • JWT tokens kept private through secrets.

  • Developers added to deployment environment on Heroku to access during deployment

SERVER SECURITY

As a developer, I want to ensure the utmost level of security for a user recipient

  • Two step verification system

  • Randomly generated key (in Heroku)

  1. Performance. The API endpoints should take a minimal amount of time to complete. In most cases this will be relatively straightforward. In some, where computations are more complex, you will need to spend time designing your algorithm with pseudocode to determine the algorithmic complexity and reduce it as much as possible. Document any relevant content inside a Confluence page called Performance.

USE CASE 

...

PERFORMANCE

As a developer, I want to have a succinct and minimised amount of storage for fast, easy sending

  • Attach information as a PDF attachment rather than in the body of the email

As a developer, I want to have fast and optimal methods, through low algorithmic complexities

  • Extracting the email: using a tree format

As a recipient, I want vast amounts of information to be sent efficiently (minimal amount of time required) and with ease.