hotswap/delphi-database
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4cc52962683d3263c9c7a5d1dc7607dbd98e3419
delphi-database/SECURITY_SETUP_README.md
HotSwapp bac8cc4bd5 changes
2025-08-18 20:20:04 -05:00

171 lines
6.6 KiB
Markdown
Raw Blame History

# 🔒 Delphi Database System - Security Setup Guide
## ⚠️ CRITICAL: P0 Security Issues RESOLVED
The following **CRITICAL SECURITY VULNERABILITIES** have been fixed:
### ✅ **1. CORS Vulnerability Fixed**
- **Issue**: `allow_origins=["*"]` allowed any website to access the API
- **Fix**: CORS now requires specific domain configuration via `CORS_ORIGINS` environment variable
- **Location**: `app/main.py:61-87`
### ✅ **2. Hardcoded Passwords Removed**
- **Issue**: Default passwords `admin123` and `change-me` were hardcoded
- **Fix**: All passwords now require secure environment variables
- **Files Fixed**: `app/config.py`, `e2e/global-setup.js`, `playwright.config.js`, `docker-compose.dev.yml`, `scripts/init-container.sh`, `templates/login.html`
### ✅ **3. Comprehensive Input Validation Added**
- **Issue**: Upload endpoints lacked proper security validation
- **Fix**: New `app/utils/file_security.py` module provides:
- File type validation using content inspection (not just extensions)
- File size limits to prevent DoS attacks
- Path traversal protection
- Malware pattern detection
- Filename sanitization
- **Files Enhanced**: `app/api/documents.py`, `app/api/templates.py`, `app/api/admin.py`
### ✅ **4. Path Traversal Protection Implemented**
- **Issue**: File operations could potentially access files outside intended directories
- **Fix**: Secure path generation with directory traversal prevention
- **Implementation**: `FileSecurityValidator.generate_secure_path()`
## 🚀 Quick Security Setup
### 1. Generate Secure Environment Configuration
```bash
# Run the automated security setup script
python scripts/setup-secure-env.py
```
This script will:
- Generate a cryptographically secure 32+ character SECRET_KEY
- Create a strong admin password
- Configure CORS for your specific domains
- Set up production-ready security settings
- Create a secure `.env` file with proper permissions
### 2. Manual Environment Setup
If you prefer manual setup, copy `env-example.txt` to `.env` and configure:
```bash
# Copy the example file
cp env-example.txt .env
# Generate a secure secret key
python -c "import secrets; print('SECRET_KEY=' + secrets.token_urlsafe(32))"
# Generate a secure admin password
python -c "import secrets, string; print('ADMIN_PASSWORD=' + ''.join(secrets.choice(string.ascii_letters + string.digits + '!@#$%^&*') for _ in range(16)))"
```
### 3. Required Environment Variables
**CRITICAL - Must be set before running:**
```bash
SECRET_KEY=your-32-plus-character-random-string
ADMIN_PASSWORD=your-secure-admin-password
CORS_ORIGINS=https://your-domain.com,https://www.your-domain.com
```
**Important - Should be configured:**
```bash
DEBUG=False # For production
SECURE_COOKIES=True # For HTTPS production
DATABASE_URL=your-db-url # For production database
```
## 🛡️ Security Features Implemented
### File Upload Security
- **File Type Validation**: Content-based MIME type detection (not just extensions)
- **Size Limits**: Configurable per file category to prevent DoS
- **Path Traversal Protection**: Secure path generation prevents directory escape
- **Malware Detection**: Basic pattern scanning for malicious content
- **Filename Sanitization**: Removes dangerous characters and path separators
### Authentication Security
- **Strong Password Requirements**: Environment-enforced secure passwords
- **Secure Secret Management**: Cryptographically secure JWT secret keys
- **No Hardcoded Credentials**: All secrets via environment variables
### Network Security
- **Restricted CORS**: Domain-specific origin restrictions
- **Secure Headers**: Proper CORS header configuration
- **Method Restrictions**: Limited to necessary HTTP methods
## 🔍 Security Validation
### Before Production Deployment
Run this checklist to verify security:
```bash
# 1. Verify no hardcoded secrets
grep -r "admin123\|change-me\|secret.*=" app/ --exclude-dir=__pycache__ || echo "✅ No hardcoded secrets found"
# 2. Verify CORS configuration
grep -n "allow_origins" app/main.py
# 3. Verify .env file permissions
ls -la .env | grep "^-rw-------" && echo "✅ .env permissions correct" || echo "❌ Fix .env permissions: chmod 600 .env"
# 4. Test file upload validation
curl -X POST http://localhost:8000/api/documents/upload/test-file \
-H "Authorization: Bearer your-token" \
-F "file=@malicious.exe" \
&& echo "❌ Upload validation failed" || echo "✅ Upload validation working"
```
### Security Test Results Expected
- ✅ No hardcoded passwords in codebase
- ✅ CORS origins restricted to specific domains
- ✅ File uploads reject dangerous file types
- ✅ Path traversal attempts blocked
- ✅ Large file uploads rejected
- ✅ .env file has restrictive permissions (600)
## 🚨 Production Security Checklist
### Required Before Going Live
- [ ] **SECRET_KEY** generated with 32+ cryptographically random characters
- [ ] **ADMIN_PASSWORD** set to strong password (12+ chars, mixed case, symbols)
- [ ] **CORS_ORIGINS** configured for specific production domains (not localhost)
- [ ] **DEBUG=False** set for production
- [ ] **SECURE_COOKIES=True** if using HTTPS (required for production)
- [ ] **Database backups** configured and tested
- [ ] **HTTPS enabled** with valid SSL certificates
- [ ] **.env file** has 600 permissions and is not in version control
- [ ] **Log monitoring** configured for security events
- [ ] **Rate limiting** configured (next priority)
- [ ] **Security audit** completed by security professional
### Ongoing Security Maintenance
- 🔄 **Rotate SECRET_KEY** every 90 days using `scripts/rotate-secret-key.py`
- 🔄 **Change admin password** every 90 days
- 📊 **Monitor logs** for security events
- 🔍 **Regular security scans** of dependencies
- 📋 **Keep software updated** (Python, FastAPI, dependencies)
## 📞 Next Steps
The P0 Critical Security Issues are now **RESOLVED**. The system is significantly more secure, but you should continue with P1 High Priority items:
1. **Rate Limiting** - Implement API rate limiting to prevent abuse
2. **Security Headers** - Add HSTS, CSP, X-Frame-Options headers
3. **Session Management** - Enhance JWT token management
4. **Database Security** - Review SQL injection prevention
5. **Security Monitoring** - Implement intrusion detection
For immediate deployment readiness, ensure all items in the **Production Security Checklist** above are completed.
---
**🔒 Remember**: Security is an ongoing process. This setup addresses the most critical vulnerabilities, but regular security reviews and updates are essential for a production system handling sensitive legal and financial data.
Reference in New Issue View Git Blame Copy Permalink