Security Issues

Dalton Craven edited this page Oct 28, 2022 · 2 revisions

Identify sensitive information kept by your software. Explain how you plan to protect it.

The only sensitive information we will store is the Spotify API refresh and access tokens. We are using next-auth to handle authentication and will re-authenticate users and rotate tokens as described in the next-auth guides.
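The rotation step described above, as an added illustration (this is not the project's code): a next-auth `jwt` callback that stores the Spotify tokens at sign-in and, once the access token is within a skew window of expiry, exchanges the refresh token at Spotify's token endpoint. The helper names, the environment variable names, the 60-second skew and the injectable `fetchImpl`/`now` (used for offline testing) are assumptions.

```javascript
// Added example: Spotify refresh-token rotation in a next-auth `jwt` callback.
// The callback argument shape ({ token, account }) follows next-auth's docs;
// everything else here is an assumption for illustration.
const SPOTIFY_TOKEN_URL = "https://accounts.spotify.com/api/token";

// True when the stored access token is expired or will expire within `skewMs`.
function isExpired(token, now = Date.now(), skewMs = 60_000) {
  return !token.accessTokenExpires || now + skewMs >= token.accessTokenExpires;
}

// Exchange the refresh token for a new access token. Spotify may omit a new
// refresh token in the response; in that case the old one stays valid.
async function refreshSpotifyToken(token, {
  fetchImpl = globalThis.fetch,
  now = Date.now(),
  clientId = process.env.SPOTIFY_CLIENT_ID,       // assumed env var names
  clientSecret = process.env.SPOTIFY_CLIENT_SECRET,
} = {}) {
  const basic = Buffer.from(`${clientId}:${clientSecret}`).toString("base64");
  const res = await fetchImpl(SPOTIFY_TOKEN_URL, {
    method: "POST",
    headers: { Authorization: `Basic ${basic}`, "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({ grant_type: "refresh_token", refresh_token: token.refreshToken }),
  });
  const data = await res.json();
  if (!res.ok) {
    // Keep the old token but flag the failure so the session callback can force a fresh login.
    return { ...token, error: "RefreshAccessTokenError" };
  }
  return {
    ...token,
    accessToken: data.access_token,
    accessTokenExpires: now + data.expires_in * 1000, // expires_in is in seconds
    refreshToken: data.refresh_token ?? token.refreshToken,
    error: undefined,
  };
}

// Use as `callbacks: { jwt: jwtCallback }` in the NextAuth config.
// On the initial sign-in `account` is present; afterwards only `token` is.
async function jwtCallback({ token, account }, deps) {
  if (account) {
    return {
      ...token,
      accessToken: account.access_token,
      refreshToken: account.refresh_token,
      accessTokenExpires: account.expires_at * 1000, // next-auth gives seconds
    };
  }
  if (!isExpired(token, deps?.now)) return token;
  return refreshSpotifyToken(token, deps);
}
```

The `error` field is what a `session` callback should check so the client can send the user through sign-in again instead of retrying with a dead token.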

Identify possible attack vectors, that is, ways malicious users could try to use your software to escalate their privileges. This includes root access to your server, access to other users' sensitive information (say via XSS attacks), root access to your database, etc. Explain your protection plan.

Possible attack vectors include accessing the database used to store custom user information (posts, comments). User session and refresh tokens will be stored locally in the user's browser. We do not plan on self-hosting our deployment server or database, and will not use a root account when working with the database.