2.2 KiB
2.2 KiB
Task List: Performance and Security Enhancements
This document tracks the tasks performed to improve the performance and security of the application.
Completed Tasks
Security
-
SEC-001: Externalize Hardcoded Configuration
- Status: Done
- Description: Moved hardcoded constants from
Port_Constant.javatoapplication.properties. This allows for easier configuration management without changing the Java code. The class was refactored to load these properties at startup while preserving the existing static access pattern to minimize code impact. - Files Affected:
test17july-back-b/authsec_springboot/backend/src/main/java/com/realnet/utils/Port_Constant.javatest17july-back-b/authsec_springboot/backend/src/main/resources/application.properties
-
SEC-002: Secure Storage of Sensitive Data
- Status: Done
- Description: Replaced plaintext secrets (API keys, passwords) in
application.propertieswith placeholders that can be populated from environment variables. This is a critical security improvement to prevent secrets from being committed to version control. - Files Affected:
test17july-back-b/authsec_springboot/backend/src/main/resources/application.properties
-
SEC-003: Use Session Storage in Frontend
- Status: Done
- Description: Modified
ForgotpassServiceto usesessionStorageinstead oflocalStoragefor storing the user's email during the password reset process.sessionStorageis more secure as it's cleared when the session ends, reducing the risk of XSS attacks accessing stored data. - Files Affected:
test17july-front-f/authsec_angular/frontend/angular-clarity-master/src/app/services/api/forgotpass.service.ts
Pending Tasks
- Review logging practices for sensitive information exposure.
- Analyze dependencies for known vulnerabilities.
- Implement CSRF protection if not already present and adequate.
- Review database query construction to prevent SQL injection (though using an ORM like Hibernate/JPA mitigates this).
- Performance analysis of database queries and API endpoints.