Notes Annie ToDo's - SuQuoc/ft_transcendence GitHub Wiki

Should we ask the user to accept cookies, and otherwise what should we do?

Django cron job to clean up unfinished registrations or OTPs?

Is our algorithm for JWT the best choice? See JWS here. Are we allowed to use simple JWT?

nginx error pages show "nginx", which we should avoid because it gives information to attackers. The responses also show information, for example server: nginx. See https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#nginx

Check whether cookies are secure: https://owasp.org/www-project-web-security-testing-guide/stable/4-Web_Application_Security_Testing/06-Session_Management_Testing/02-Testing_for_Cookies_Attributes
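
One way to run the cookie check and the Server header check from the nginx note against a response's headers. This is an added example, not code from the project. The header values are constructed sample data; `sessionid` and `csrftoken` are Django's default cookie names, while the `access` cookie, the function names and the `js_readable` parameter are assumptions made for illustration.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, attributes with lowercase keys)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_headers(headers, js_readable=()):
    """Return findings for a list of (header name, value) tuples.

    js_readable: cookies that client-side JavaScript has to read (for example
    a CSRF token), for which a missing HttpOnly flag is not reported.
    """
    findings = []
    for hname, hvalue in headers:
        lname = hname.lower()
        if lname == "server":
            # Any Server header names the product, with or without a version.
            findings.append(f"Server header discloses: {hvalue}")
        elif lname == "set-cookie":
            cookie, attrs = parse_set_cookie(hvalue)
            if "secure" not in attrs:
                findings.append(f"{cookie}: missing Secure")
            if "httponly" not in attrs and cookie not in js_readable:
                findings.append(f"{cookie}: missing HttpOnly")
            if attrs.get("samesite", "").lower() not in ("lax", "strict"):
                findings.append(f"{cookie}: SameSite missing or None")
    return findings


# Constructed sample response headers (not captured from the project).
SAMPLE_HEADERS = [
    ("Server", "nginx/1.25.3"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly; SameSite=Lax"),
    ("Set-Cookie", "access=constructed-token; Path=/; Secure; HttpOnly; SameSite=Strict"),
    ("Set-Cookie", "csrftoken=xyz789; Path=/; Secure; SameSite=Lax"),
]

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS, js_readable={"csrftoken"}):
        print(finding)
```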

https://docs.djangoproject.com/en/5.1/howto/deployment/checklist/

https://docs.djangoproject.com/en/5.1/topics/email/#email-backends >> is it secure?