6.6 KiB
6.6 KiB
🔒 Delphi Database System - Security Setup Guide
⚠️ CRITICAL: P0 Security Issues RESOLVED
The following CRITICAL SECURITY VULNERABILITIES have been fixed:
✅ 1. CORS Vulnerability Fixed
- Issue:
allow_origins=["*"]allowed any website to access the API - Fix: CORS now requires specific domain configuration via
CORS_ORIGINSenvironment variable - Location:
app/main.py:61-87
✅ 2. Hardcoded Passwords Removed
- Issue: Default passwords
admin123andchange-mewere hardcoded - Fix: All passwords now require secure environment variables
- Files Fixed:
app/config.py,e2e/global-setup.js,playwright.config.js,docker-compose.dev.yml,scripts/init-container.sh,templates/login.html
✅ 3. Comprehensive Input Validation Added
- Issue: Upload endpoints lacked proper security validation
- Fix: New
app/utils/file_security.pymodule provides:- File type validation using content inspection (not just extensions)
- File size limits to prevent DoS attacks
- Path traversal protection
- Malware pattern detection
- Filename sanitization
- Files Enhanced:
app/api/documents.py,app/api/templates.py,app/api/admin.py
✅ 4. Path Traversal Protection Implemented
- Issue: File operations could potentially access files outside intended directories
- Fix: Secure path generation with directory traversal prevention
- Implementation:
FileSecurityValidator.generate_secure_path()
🚀 Quick Security Setup
1. Generate Secure Environment Configuration
# Run the automated security setup script
python scripts/setup-secure-env.py
This script will:
- Generate a cryptographically secure 32+ character SECRET_KEY
- Create a strong admin password
- Configure CORS for your specific domains
- Set up production-ready security settings
- Create a secure
.envfile with proper permissions
2. Manual Environment Setup
If you prefer manual setup, copy env-example.txt to .env and configure:
# Copy the example file
cp env-example.txt .env
# Generate a secure secret key
python -c "import secrets; print('SECRET_KEY=' + secrets.token_urlsafe(32))"
# Generate a secure admin password
python -c "import secrets, string; print('ADMIN_PASSWORD=' + ''.join(secrets.choice(string.ascii_letters + string.digits + '!@#$%^&*') for _ in range(16)))"
3. Required Environment Variables
CRITICAL - Must be set before running:
SECRET_KEY=your-32-plus-character-random-string
ADMIN_PASSWORD=your-secure-admin-password
CORS_ORIGINS=https://your-domain.com,https://www.your-domain.com
Important - Should be configured:
DEBUG=False # For production
SECURE_COOKIES=True # For HTTPS production
DATABASE_URL=your-db-url # For production database
🛡️ Security Features Implemented
File Upload Security
- File Type Validation: Content-based MIME type detection (not just extensions)
- Size Limits: Configurable per file category to prevent DoS
- Path Traversal Protection: Secure path generation prevents directory escape
- Malware Detection: Basic pattern scanning for malicious content
- Filename Sanitization: Removes dangerous characters and path separators
Authentication Security
- Strong Password Requirements: Environment-enforced secure passwords
- Secure Secret Management: Cryptographically secure JWT secret keys
- No Hardcoded Credentials: All secrets via environment variables
Network Security
- Restricted CORS: Domain-specific origin restrictions
- Secure Headers: Proper CORS header configuration
- Method Restrictions: Limited to necessary HTTP methods
🔍 Security Validation
Before Production Deployment
Run this checklist to verify security:
# 1. Verify no hardcoded secrets
grep -r "admin123\|change-me\|secret.*=" app/ --exclude-dir=__pycache__ || echo "✅ No hardcoded secrets found"
# 2. Verify CORS configuration
grep -n "allow_origins" app/main.py
# 3. Verify .env file permissions
ls -la .env | grep "^-rw-------" && echo "✅ .env permissions correct" || echo "❌ Fix .env permissions: chmod 600 .env"
# 4. Test file upload validation
curl -X POST http://localhost:8000/api/documents/upload/test-file \
-H "Authorization: Bearer your-token" \
-F "file=@malicious.exe" \
&& echo "❌ Upload validation failed" || echo "✅ Upload validation working"
Security Test Results Expected
- ✅ No hardcoded passwords in codebase
- ✅ CORS origins restricted to specific domains
- ✅ File uploads reject dangerous file types
- ✅ Path traversal attempts blocked
- ✅ Large file uploads rejected
- ✅ .env file has restrictive permissions (600)
🚨 Production Security Checklist
Required Before Going Live
- SECRET_KEY generated with 32+ cryptographically random characters
- ADMIN_PASSWORD set to strong password (12+ chars, mixed case, symbols)
- CORS_ORIGINS configured for specific production domains (not localhost)
- DEBUG=False set for production
- SECURE_COOKIES=True if using HTTPS (required for production)
- Database backups configured and tested
- HTTPS enabled with valid SSL certificates
- .env file has 600 permissions and is not in version control
- Log monitoring configured for security events
- Rate limiting configured (next priority)
- Security audit completed by security professional
Ongoing Security Maintenance
- 🔄 Rotate SECRET_KEY every 90 days using
scripts/rotate-secret-key.py - 🔄 Change admin password every 90 days
- 📊 Monitor logs for security events
- 🔍 Regular security scans of dependencies
- 📋 Keep software updated (Python, FastAPI, dependencies)
📞 Next Steps
The P0 Critical Security Issues are now RESOLVED. The system is significantly more secure, but you should continue with P1 High Priority items:
- Rate Limiting - Implement API rate limiting to prevent abuse
- Security Headers - Add HSTS, CSP, X-Frame-Options headers
- Session Management - Enhance JWT token management
- Database Security - Review SQL injection prevention
- Security Monitoring - Implement intrusion detection
For immediate deployment readiness, ensure all items in the Production Security Checklist above are completed.
🔒 Remember: Security is an ongoing process. This setup addresses the most critical vulnerabilities, but regular security reviews and updates are essential for a production system handling sensitive legal and financial data.