-
Notifications
You must be signed in to change notification settings - Fork 319
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Backend] Adding various security features #517
Comments
Hello there!👋 Welcome to the project!🚀⚡ Thank you and congrats🎉 for opening your very first issue in this project. Community-website aims to build a resource sharing platform in order to reduce the knowledge gap. Please adhere to our Code of Conduct.🙌 If you have screenshots or a gif to share demonstrating the issue, that's really helpful!📸 Please make sure not to start working on the issue, unless you get assigned to it.😄 Feel free to join our Slack Community.💖 We have different channels for active discussions.✨ Hope you have a great time there!😄 |
Can you please elaborate on it a bit? |
XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. To protect against this, I will be using xss-clean package. NoSQL injection vulnerabilities allow attackers to inject code into commands for databases that don’t use SQL queries, such as MongoDB. I will be using express-mongo-sanitize to protect against this. Multiple requests from the same IP may crash the server. You should have it implemented just in case. |
okay, you can take this is just as an additional check but we don't feel the need for these explicitly at the moment but yeah these are somewhat good to have |
@udaymittal7 Please update progess on this |
Hi, I am a GSSoC'21 Participant. I would like to work on this issue, please assign it to me. |
I am interested to work upon this. |
@himanshusanecha Go ahead with this and kindly update here after updating. |
yes sure, I am starting to work on this issue. Sorry for the delay due to exams @AyushSingh22 |
Data sanitization against no SQL injection and XSS
Rate limiter so the server won't get overload
If you find it relevant, please assign me.
I am a participant of GSSOC'21 so please add the relevant GSSOC tags too.
The text was updated successfully, but these errors were encountered: