Some beta-checklist updates
@@ -336,9 +336,6 @@ Use SQLite's `VACUUM INTO` command for safe, atomic backups of a running databas
|
|||||||
```bash
|
```bash
|
||||||
# Local development
|
# Local development
|
||||||
sqlite3 storage/production.sqlite3 "VACUUM INTO 'backup.sqlite3';"
|
sqlite3 storage/production.sqlite3 "VACUUM INTO 'backup.sqlite3';"
|
||||||
|
|
||||||
# Docker
|
|
||||||
docker exec clinch sqlite3 /rails/storage/production.sqlite3 "VACUUM INTO '/rails/storage/backup.sqlite3';"
|
|
||||||
```
|
```
|
||||||
|
|
||||||
This creates an optimized copy of the database that's safe to make even while Clinch is running.
|
This creates an optimized copy of the database that's safe to make even while Clinch is running.
|
||||||
|
|||||||
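Review bot: the Docker variant of the `VACUUM INTO` backup is removed while the `# Local development` label stays, so readers running the container no longer see a command that reaches `/rails/storage/production.sqlite3`; either keep the `docker exec clinch sqlite3 ...` line or add a sentence saying `sqlite3` must run wherever the database file is reachable. The remaining example also writes to the fixed name `backup.sqlite3`, and `VACUUM INTO` fails when that file already exists and is non-empty, so running the documented command a second time errors out; a timestamped target filename and a note that the target must not already exist would make the instructions repeatable.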
@@ -4,5 +4,5 @@
|
|||||||
# Use this to limit dissemination of sensitive information.
|
# Use this to limit dissemination of sensitive information.
|
||||||
# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
|
# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
|
||||||
Rails.application.config.filter_parameters += [
|
Rails.application.config.filter_parameters += [
|
||||||
:passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc
|
:passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc, :backup
|
||||||
]
|
]
|
||||||
|
|||||||
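Review bot: `:backup` will mask every parameter whose key contains that substring, not only backup codes, because ActiveSupport::ParameterFilter applies these entries as case-insensitive partial matches on the key (the same behaviour that lets `:passw` cover `password`). If the intent is to hide only the backup-code field, list that field's exact parameter name instead; otherwise expect unrelated keys such as a backup path or a backup setting to appear as `[FILTERED]` in request logs, which can hamper debugging.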
@@ -155,16 +155,14 @@ This checklist ensures Clinch meets security, quality, and documentation standar
|
|||||||
- [x] Docker Compose example
|
- [x] Docker Compose example
|
||||||
- [ ] Production deployment guide
|
- [ ] Production deployment guide
|
||||||
- [x] Backup and restore documentation
|
- [x] Backup and restore documentation
|
||||||
- [ ] Migration strategy documentation
|
|
||||||
|
|
||||||
## Security Hardening
|
## Security Hardening
|
||||||
|
|
||||||
### Headers & CSP
|
### Headers & CSP
|
||||||
- [ ] Review Content Security Policy
|
- [x] Content Security Policy (comprehensive policy in config/initializers/content_security_policy.rb)
|
||||||
- [ ] HSTS configuration
|
- [x] X-Frame-Options (DENY in production config)
|
||||||
- [ ] X-Frame-Options
|
- [x] X-Content-Type-Options (nosniff - Rails default)
|
||||||
- [ ] X-Content-Type-Options
|
- [x] Referrer-Policy (strict-origin-when-cross-origin in production config)
|
||||||
- [ ] Referrer-Policy
|
|
||||||
|
|
||||||
### Rate Limiting
|
### Rate Limiting
|
||||||
- [ ] Login attempt rate limiting
|
- [ ] Login attempt rate limiting
|
||||||
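Review bot: `- [ ] HSTS configuration` and `- [ ] Migration strategy documentation` are deleted as open items rather than checked off, so the checklist no longer records whether HSTS is enforced. The other header entries are completed with a pointer to the config that sets them (`X-Frame-Options (DENY in production config)` and so on); HSTS should get the same treatment, either `- [x] HSTS (...)` with a reference to the production SSL settings that enable it, or left open until it is verified.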
@@ -180,8 +178,7 @@ This checklist ensures Clinch meets security, quality, and documentation standar
|
|||||||
|
|
||||||
### Logging & Monitoring
|
### Logging & Monitoring
|
||||||
- [x] Sentry integration (optional)
|
- [x] Sentry integration (optional)
|
||||||
- [ ] Document what should be logged
|
- [x] Parameter filtering configured (passwords, tokens, secrets, backup codes, emails filtered from logs)
|
||||||
- [ ] Document what should NOT be logged (tokens, passwords)
|
|
||||||
- [ ] Audit log for admin actions
|
- [ ] Audit log for admin actions
|
||||||
|
|
||||||
## Known Limitations & Risks
|
## Known Limitations & Risks
|
||||||
|
|||||||
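Review bot: replacing `- [ ] Document what should NOT be logged (tokens, passwords)` with `- [x] Parameter filtering configured (...)` substitutes a mechanism for the documentation item; `filter_parameters` masks request parameters in Rails' own request logging, not values written through explicit `Rails.logger` calls or included in exception messages, so guidance on what must never be logged is still needed for application code. Keep the documentation item alongside the new entry, and state "backup codes filtered" only if the filter key in the initializer actually matches the backup-code parameter name.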