Testing: Safety & Security - CBTYoung/Documentation GitHub Wiki

We will support two security options:

If the patient does not have a therapist (is a guest), their data will be stored locally:

We will test it by querying our local data storage for information after removing it from the program. This includes previous reports, a draft, and achievements. We will have dedicated tests for each of them, covering both success and failure cases.

If the patient does have a therapist, the data will be sent to an external, secured database, which will contain only relevant information:

We will test it by querying the external database the same way we did our local storage.

The database will have Row Level Security (RLS), which will authorize querying only relevant rows:

We will attempt to access information that should be inaccessible, with both failure and success tests. We expect not to be able to access information about other patients, whether logged in as a therapist or as a patient.
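One way to write these RLS checks, as an added example that is not the project's own code. It assumes the external database is PostgreSQL (the page does not name it); the `reports` table, the `app_user` role, the `app.user_id` session setting and the sample rows are all hypothetical.

```sql
-- Assumed schema, role and setting names; constructed sample rows.
CREATE TABLE reports (
    id           serial PRIMARY KEY,
    patient_id   text NOT NULL,
    therapist_id text NOT NULL,
    body         text NOT NULL
);
INSERT INTO reports (patient_id, therapist_id, body) VALUES
    ('patient_a', 'therapist_1', 'report A'),
    ('patient_b', 'therapist_2', 'report B');

CREATE ROLE app_user NOLOGIN;
GRANT SELECT, UPDATE ON reports TO app_user;
ALTER TABLE reports ENABLE ROW LEVEL SECURITY;

-- Assumption: the API layer sets app.user_id after authenticating the caller.
-- An unset value yields NULL, so the policy matches no rows (fails closed).
CREATE POLICY reports_patient_or_therapist ON reports
    FOR ALL TO app_user
    USING (current_setting('app.user_id', true) IN (patient_id, therapist_id));

-- Run the checks as app_user: superusers and the table owner bypass RLS.
BEGIN;
SET LOCAL ROLE app_user;

SET LOCAL app.user_id = 'patient_a';
DO $$
DECLARE n integer;
BEGIN
    -- Success case: the patient reads their own report.
    ASSERT (SELECT count(*) FROM reports WHERE patient_id = 'patient_a') = 1;
    -- Failure case: another patient's report is invisible and not writable.
    ASSERT (SELECT count(*) FROM reports WHERE patient_id = 'patient_b') = 0;
    UPDATE reports SET body = 'tampered' WHERE patient_id = 'patient_b';
    GET DIAGNOSTICS n = ROW_COUNT;
    ASSERT n = 0;
END $$;

SET LOCAL app.user_id = 'therapist_1';
DO $$
BEGIN
    -- A therapist sees only their own patient's rows.
    ASSERT (SELECT count(*) FROM reports) = 1;
    ASSERT (SELECT patient_id FROM reports) = 'patient_a';
END $$;
ROLLBACK;
```

A failed `ASSERT` aborts the transaction with an error, so the script finishing without one means every success and failure case passed.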

To log in as a patient, the user will need to enter login details (username, password, etc.), which will be verified against the external database:

We will query the external database with correct and incorrect login details.

Personal information (such as name, email, etc.) will be encrypted before being sent to the database:

We will check whether the data returned from the database matches the data that was sent, and expect them to differ.