Security Issues - SCCapstone/CapstoneProject GitHub Wiki
Sensitive information kept in our database includes names, email addresses, social media usernames, housing information (rough location), and, potentially, photos. This information will be accessible only to the user to whom it pertains and to authorized, authenticated cohabitants of that user. We plan to ensure this by enforcing a minimum password length, prohibiting duplicate accounts (no two accounts may use the same email address), and protecting against SQL injection and cross-site scripting by filtering and sanitizing user input and using parameterized queries.

Root access to our server by unauthorized users will be prevented by using a long and complex password for access and by the security measures implemented by Forge at their data centers.
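A sketch of how these controls fit together, added here as an illustration and not taken from the project's code. It assumes SQLite through Python's `sqlite3`; the table layout, the `household_id` column used to model cohabitants, the function names, and the 12-character minimum are all hypothetical.

```python
import html
import sqlite3

MIN_PASSWORD_LEN = 12  # assumed value; the page does not state a minimum


def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (
            id INTEGER PRIMARY KEY,
            email TEXT NOT NULL COLLATE NOCASE UNIQUE,  -- one account per address
            name TEXT NOT NULL,
            household_id INTEGER                        -- shared by cohabitants
        );
    """)
    return db


def register(db, email, name, password, household_id=None):
    """Return the new user id, or raise ValueError on a policy violation."""
    if len(password) < MIN_PASSWORD_LEN:
        raise ValueError("password too short")
    # Credential storage is outside this sketch; only the length rule is shown.
    try:
        # Placeholders keep user input out of the SQL text entirely.
        cur = db.execute(
            "INSERT INTO users (email, name, household_id) VALUES (?, ?, ?)",
            (email.strip(), name, household_id))
    except sqlite3.IntegrityError:
        raise ValueError("email already registered") from None
    return cur.lastrowid


def view_profile(db, viewer_id, target_id):
    """Return the target's profile as HTML-safe strings, or None unless the
    viewer is the target or shares the target's household.
    viewer_id is assumed to come from an authenticated session."""
    row = db.execute(
        """SELECT t.name, t.email FROM users t JOIN users v ON v.id = ?
           WHERE t.id = ? AND (t.id = v.id OR
                 (t.household_id IS NOT NULL
                  AND t.household_id = v.household_id))""",
        (viewer_id, target_id)).fetchone()
    if row is None:
        return None
    # Escape on output so stored markup is rendered as text, not executed.
    return {"name": html.escape(row[0]), "email": html.escape(row[1])}
```

The database's `UNIQUE` constraint, not a prior `SELECT`, is what rejects the duplicate address, so two simultaneous registrations cannot both succeed.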