Status: Open. Label: security (Security related issues)
Security Sprint - Future Work
This issue groups 12 security-related issues for a dedicated security review sprint. These should NOT be rushed through during the 2026 design implementation.
Security Issues (in order of priority)
Critical
- Enhance security of the Digital Safe #288: Enhance security of the Digital Safe (parent issue)
- Apply recommendations from Audit Report #230: Apply recommendations from Audit Report
- Refine and complete threat model documentation #219: Refine and complete threat model documentation
High
- Security: Create strictest possible CSP without breaking site #169: Create strictest possible CSP without breaking site
- Consider protecting `act/login` endpoint against CSRF attacks #123: CSRF protection for login endpoint
- Security: Prevent too many requests per *account* #161: Rate limiting per account (not just IP)
- Security: Prevent log injection #178: Prevent log injection
Medium
- Decouple generation of encryption and signing keys #223: Decouple encryption and signing keys
- Introduce versioning mechanism for cryptographic updates #225: Cryptographic versioning mechanism
- Investigate security of postgres db connection #272: Postgres connection security
- Periodically rotate secrets stored in Key Vaults #278: Rotate Key Vault secrets periodically
Lower Priority
- Use Defensive Programming and the Principle of Least Privilege #222: Defensive programming practices
- Refine how configurations are managed to protect against access through memory access. #241: Protect configs from memory access
- Reconsider using both `tweetnacl` and `sodium-plus` #124: tweetnacl vs sodium-plus consolidation
Anti-abuse
- Security: Mitigate DoS attacks against Digital Safe creation endpoint #39: DoS mitigation for Safe creation
- Blob Storage: Restrict user permissions *if* they can directly upload/download to/from Azure Blob Storage #72: Blob Storage permissions
- Define set of restrictions to avoid bandwidth exploitation #80: Bandwidth exploitation restrictions
- Prevent malicious users from exploiting storage #98: Storage exploitation prevention
Process
- Schedule dedicated security review
- Involve security expertise
- Don't rush - security done poorly is worse than not done
DO NOT close individual issues
Keep them open for tracking. This is a meta-issue.