dkam/clinch
1
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases Wiki Activity

Some beta-checklist updates

Browse Source
This commit is contained in:
Dan Milne
2026-01-02 11:53:41 +11:00
parent e288fcad7c
commit fed7c3cedb
3 changed files with 6 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -336,9 +336,6 @@ Use SQLite's `VACUUM INTO` command for safe, atomic backups of a running databas
```bash
# Local development
sqlite3 storage/production.sqlite3 "VACUUM INTO 'backup.sqlite3';"
# Docker
docker exec clinch sqlite3 /rails/storage/production.sqlite3 "VACUUM INTO '/rails/storage/backup.sqlite3';"
```
This creates an optimized copy of the database that's safe to make even while Clinch is running.

2
config/initializers/filter_parameter_logging.rb
View File

@@ -4,5 +4,5 @@
# Use this to limit dissemination of sensitive information.
# See the ActiveSupport::ParameterFilter documentation for supported notations and behaviors.
Rails.application.config.filter_parameters += [
:passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc
:passw, :email, :secret, :token, :_key, :crypt, :salt, :certificate, :otp, :ssn, :cvv, :cvc, :backup
]

13
docs/beta-checklist.md
View File

@@ -155,16 +155,14 @@ This checklist ensures Clinch meets security, quality, and documentation standar
- [x] Docker Compose example
- [ ] Production deployment guide
- [x] Backup and restore documentation
- [ ] Migration strategy documentation
## Security Hardening
### Headers & CSP
- [ ] Review Content Security Policy
- [ ] HSTS configuration
- [ ] X-Frame-Options
- [ ] X-Content-Type-Options
- [ ] Referrer-Policy
- [x] Content Security Policy (comprehensive policy in config/initializers/content_security_policy.rb)
- [x] X-Frame-Options (DENY in production config)
- [x] X-Content-Type-Options (nosniff - Rails default)
- [x] Referrer-Policy (strict-origin-when-cross-origin in production config)
### Rate Limiting
- [ ] Login attempt rate limiting
@@ -180,8 +178,7 @@ This checklist ensures Clinch meets security, quality, and documentation standar
### Logging & Monitoring
- [x] Sentry integration (optional)
- [ ] Document what should be logged
- [ ] Document what should NOT be logged (tokens, passwords)
- [x] Parameter filtering configured (passwords, tokens, secrets, backup codes, emails filtered from logs)
- [ ] Audit log for admin actions
## Known Limitations & Risks