Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review & Improve Security #85

Open
6 tasks
type1fool opened this issue Oct 25, 2024 · 0 comments
Open
6 tasks

Review & Improve Security #85

type1fool opened this issue Oct 25, 2024 · 0 comments
Assignees
@type1fool
Labels
security
Milestone
v1

Comments

@type1fool
Copy link
Collaborator

type1fool commented Oct 25, 2024
edited
Loading

Requirements

  • Ensure session tokens are not stored in plaintext
  • Ensure expired tokens are removed
  • Ensure singular session tokens can be invalidated
  • Improve session cookies
  • Mitigate token expiration timing issue
  • Review CSRF protections

Context

@houlette was kind enough to review the package and provide detailed feedback in PR 50.
@type1fool type1fool converted this from a draft issue Oct 25, 2024
@type1fool type1fool added this to the v1 milestone Oct 25, 2024
@type1fool type1fool added security triage Needs to be prioritized labels Oct 25, 2024
@type1fool type1fool self-assigned this Oct 25, 2024
@type1fool type1fool removed the triage Needs to be prioritized label Oct 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@type1fool type1fool

Labels
security
Projects
WebAuthnComponents v1
Status: Todo
Milestone
v1
Development

No branches or pull requests
1 participant
@type1fool