[Backend] Adding various security features #517
Comments
Hello there!👋 Welcome to the project!🚀⚡ Thank you and congrats🎉 for opening your very first issue in this project. Community-website aims to build a resource sharing platform in order to reduce the knowledge gap. Please adhere to our Code of Conduct.🙌 If you have screenshots or a gif to share demonstrating the issue, that's really helpful!📸 Please make sure not to start working on the issue, unless you get assigned to it.😄 Feel free to join our Slack Community.💖 We have different channels for active discussions.✨ Hope you have a great time there!😄
Can you please elaborate on it a bit?
XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. To protect against this, I will be using the xss-clean package. NoSQL injection vulnerabilities allow attackers to inject code into commands for databases that don't use SQL queries, such as MongoDB. I will be using express-mongo-sanitize to protect against this. Multiple requests from the same IP may crash the server. You should have it implemented just in case.
Okay, you can take this just as an additional check, but we don't feel the need for these explicitly at the moment. But yeah, these are somewhat good to have.
@udaymittal7 Please update progress on this
Hi, I am a GSSoC'21 Participant. I would like to work on this issue, please assign it to me. |
I am interested in working on this.
@himanshusanecha Go ahead with this and kindly update here after updating. |
Yes, sure. I am starting to work on this issue. Sorry for the delay due to exams, @AyushSingh22.
Data sanitization against NoSQL injection and XSS
Rate limiter so the server won't get overloaded
If you find it relevant, please assign me.
I am a participant of GSSOC'21 so please add the relevant GSSOC tags too.
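The two features listed above, and the comment explaining xss-clean, express-mongo-sanitize and rate limiting, can be illustrated with a single runnable snippet. The following is an added example, not code from the community-website repository or from the packages named: it hand-rolls Express-style middlewares that model the default behaviour of those packages (escaping HTML in string inputs, dropping MongoDB operator keys, and a fixed-window per-IP limiter), plus a tiny `runChain` harness so the chain runs with no server. All function names, the sample request and the IP addresses are constructed for this example.

```javascript
// Added example (not the project's code): hand-rolled middlewares modelling
// xss-clean, express-mongo-sanitize and an express-rate-limit style limiter,
// with a stub request/response harness so it runs without Express.

// Escape the characters that let a stored string break out into HTML.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(str) {
  return str.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Walk body/query/params and escape every string value (what xss-clean does).
function escapeDeep(value) {
  if (typeof value === 'string') return escapeHtml(value);
  if (Array.isArray(value)) return value.map(escapeDeep);
  if (value && typeof value === 'object') {
    return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, escapeDeep(v)]));
  }
  return value;
}

// Drop keys that start with '$' or contain '.', so user input can never turn
// into a MongoDB operator such as {"$gt": ""}. express-mongo-sanitize's
// default behaviour is likewise to remove such keys.
function sanitizeMongo(value) {
  if (Array.isArray(value)) return value.map(sanitizeMongo);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      if (k.startsWith('$') || k.includes('.')) continue;
      out[k] = sanitizeMongo(v);
    }
    return out;
  }
  return value;
}

const REQUEST_PARTS = ['body', 'query', 'params'];

function mongoSanitizeMiddleware(req, res, next) {
  for (const part of REQUEST_PARTS) if (req[part]) req[part] = sanitizeMongo(req[part]);
  next();
}

function xssCleanMiddleware(req, res, next) {
  for (const part of REQUEST_PARTS) if (req[part]) req[part] = escapeDeep(req[part]);
  next();
}

// Fixed-window limiter keyed by client IP: at most `max` requests per
// `windowMs`. `now` is injectable so the behaviour can be tested deterministically.
function createRateLimiter({ windowMs, max, now = Date.now }) {
  const hits = new Map(); // ip -> { count, windowStart }
  return function rateLimit(req, res, next) {
    const t = now();
    const entry = hits.get(req.ip);
    if (!entry || t - entry.windowStart >= windowMs) {
      hits.set(req.ip, { count: 1, windowStart: t });
      return next();
    }
    entry.count += 1;
    if (entry.count > max) {
      res.statusCode = 429;
      res.setHeader('Retry-After', String(Math.ceil((entry.windowStart + windowMs - t) / 1000)));
      return res.end('Too many requests');
    }
    next();
  };
}

// Minimal harness standing in for Express: runs middlewares in order against
// a constructed req and a stub res, and returns the res.
function runChain(middlewares, req) {
  const res = {
    statusCode: 200,
    headers: {},
    setHeader(name, value) { this.headers[name] = value; },
    end(body) { this.body = body; this.ended = true; },
  };
  let i = 0;
  const next = () => { const mw = middlewares[i++]; if (mw) mw(req, res, next); };
  next();
  return res;
}

// Constructed sample request: a login attempt carrying both an operator
// injection in `email` and a script tag in `name`.
const sampleReq = {
  ip: '203.0.113.9',
  body: { email: { $gt: '' }, name: '<script>alert(1)</script>' },
};
runChain([mongoSanitizeMiddleware, xssCleanMiddleware], sampleReq);

// In a real Express app the published packages are wired up the same way:
//   app.use(mongoSanitize());                                    // express-mongo-sanitize
//   app.use(xss());                                              // xss-clean
//   app.use(rateLimit({ windowMs: 15 * 60 * 1000, max: 100 }));  // express-rate-limit
```

Order matters: the sanitizers should run after the body parser and before any route handler, and the limiter should be the first middleware so that rejected requests cost no parsing. The hand-rolled limiter keeps state in process memory, so behind several instances the real express-rate-limit package with a shared store is the appropriate choice.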