LifePex/documentation/SECURITY.md

# Security
## List of important things
* Actors
  * Users: probably use a web browser
  * Administrator: hosts the data and the source code
* Software
  * SQL Database: external software that holds the data
  * Ruby and dependencies: source code from external open source software
  * Bootstrap CDN: CSS and JavaScript from an external source
* Hardware
  * Host server
* Sensitive data
  * Users' private data
## Trust, privacy, threat model
* 1. Because we handle private data, it is important to protect it against leaks.
  Users' private data should not be exposed publicly, and it should not be
  possible to impersonate users.
* 2. Data entered should not include financial information, which makes it
  less of a target for attackers. It should also not include much personal
  information, so that even in case of a security leak, exploiting the data
  should be harder.
  However, it is possible that users find an interest in putting sexual,
  religious or medical information in the database. This might be dangerous
  for individuals if they are not aware of point 3.
* 3. Because of the way it is currently used, the administrator has complete
  technical control over the data, which is very easy to extract and export.
  The administrator is probably close to some of the users and may have an
  interest in looking at this easily accessible private data.
  Users must either consider the administrator trustworthy with the information
  they input, or not fear it being read by the administrator.