Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent e21edec, commit afa7716
Showing 1 changed file with 32 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
# Security Policy for fastapi-user-authentication | ||
|
||
## Reporting a Vulnerability | ||
|
||
We take security seriously and are committed to maintaining the security of our project. If you discover a security vulnerability, please report it as soon as possible. | ||
|
||
### Steps to Report a Vulnerability | ||
|
||
1. **Email**: Send an email to v.sothea.personal@gmail.com with the following information: | ||
- A description of the vulnerability. | ||
- Steps to reproduce the issue. | ||
- Any relevant logs or screenshots. | ||
|
||
2. **Do Not Share Publicly**: Please do not disclose the vulnerability publicly until it has been addressed. This helps us protect our users and the integrity of the project. | ||
|
||
3. **Response Time**: We will respond to your report as soon as possible and will keep you updated on the progress of the fix. | ||
|
||
## Secure Coding Practices | ||
|
||
To help maintain the security of this project, we encourage contributors to follow these best practices: | ||
|
||
- **Input Validation**: Always validate and sanitize user input to prevent injection attacks (e.g., SQL injection, XSS). | ||
- **Authentication**: Use strong authentication mechanisms, such as hashed passwords and secure tokens. | ||
- **Authorization**: Implement Role-Based Access Control (RBAC) to ensure users have appropriate permissions. | ||
- **Use HTTPS**: Always use HTTPS to encrypt data in transit and protect against man-in-the-middle attacks. | ||
- **Keep Dependencies Updated**: Regularly update dependencies and monitor for known vulnerabilities using tools like [Dependabot](https://dependabot.com/) or [Snyk](https://snyk.io/). | ||
|
||
## Security Updates | ||
|
||
We will provide security updates and patches as necessary. To stay informed about security-related updates, please watch the repository or check the [releases](https://github.com/VannySothea/fastapi-user-authentication/releases) page. | ||
|
||
Thank you for helping us keep our project secure! |
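Review bot: In "Steps to Report a Vulnerability", step 3 promises a response only "as soon as possible" and step 1 offers a single personal Gmail address, so a reporter asked in step 2 not to disclose publicly has no acknowledgement window to rely on and no fallback if that mailbox goes unread. Suggest stating a concrete acknowledgement time and a disclosure timeline, and offering a second private channel such as GitHub's private vulnerability reporting. In "Secure Coding Practices", the Input Validation bullet credits validation and sanitization alone with preventing SQL injection and XSS; naming parameterized queries and context-aware output encoding would make it actionable, and the Authentication bullet would be clearer if it named a password-hashing algorithm instead of just "hashed passwords". The policy also lists no supported versions, so it is unclear which releases receive the patches mentioned under "Security Updates".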