Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add security checks #7246

Closed
3 tasks done
mtrezza opened this issue Mar 5, 2021 · 2 comments · Fixed by #7247
Closed
3 tasks done

Add security checks #7246

mtrezza opened this issue Mar 5, 2021 · 2 comments · Fixed by #7247
Labels
state:released Released as stable version state:released-beta Released as beta version type:feature New feature or improvement of existing feature

Comments

@mtrezza
Copy link
Member

mtrezza commented Mar 5, 2021
edited
Loading

New Feature / Enhancement Checklist

Current Limitation

Parse Server does not give any guidance in regards to weak security settings.

  • Helps developers with existing apps to secure deployment.
  • Helps new apps transitioning from a "playground" environment to a production environment.

Originally discussed in the community forum.

Feature / Enhancement Description

Add security report for developer to easily identify common weak security settings. While there are endless discussions possible about how "weak" a setting has to be to be considered security relevant, this feature should at least identify obvious weaknesses (e.g. a password of 5 characters). Gradually evolving, the security check can be parametrized according to individual policies, although that is not the aim of an initial version.

The feature is expected to develop in phases:

  1. Writing security report to Parse Server logs
  2. Displaying security report in Parse Dashboard
  3. Parametrization of security check according to individual policy

The checks can be continuously extended over time. Adding a feature-specific security check shall become a mandatory consideration whenever adding new features to Parse Server, just as writing test cases or docs.
This was referenced Mar 5, 2021
Merged
Closed
@mtrezza mtrezza added the type:feature New feature or improvement of existing feature label Mar 6, 2021
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 5.0.0-beta.1

@parseplatformorg parseplatformorg added the state:released-beta Released as beta version label Nov 1, 2021
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 5.0.0

@parseplatformorg parseplatformorg added the state:released Released as stable version label Mar 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
state:released Released as stable version state:released-beta Released as beta version type:feature New feature or improvement of existing feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add security check mtrezza/parse-server
2 participants
@mtrezza @parseplatformorg