Security

List of important things

Actors
- Users: uses probably a web browser
- Administrator: host data and source code
Software
- SQL Database: external software that holds data
- Ruby and dependencies: source code from open source external software
- Bootstrap CDN: css and javascript from external source
Hardware
- Host server
Sensitive data
- Private user's data

1. Because we handle private data, it is important to protect it against leak. User's private data should not be exposed publicly, and it should not be possible to impersonate users.
1. Data inputed should not include financial information, making it less a target for attackers. It should also not include many personnal information, so even in case of security leak, exploiting data should be harder. However, it is possible that the user find interest into putting sexual, religious or medical information in the database. This is might be dangerous for individuals if they are not aware of the point 3.
1. Because of the way it is currently used, the administrator has a complete technical control over the data which are very easy to extract and export. The administrator is probably close from some of the users and may have a interest into looking these easly accessible private data. The user must consider the administrator trustworthy of the information he will input or not fear them to be read by the administrator.