32 lines
765 B
Markdown
# Fat Kiss Security Checklist

## Production

- [x] HTTPS enforced (Let's Encrypt via certbot)
- [x] Cloudflare proxy (orange cloud)
- [x] Apache security headers
- [x] /admin/ noindex
- [x] No secrets in frontend code
- [x] .env files gitignored

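The header set behind "Apache security headers", the `/admin/` noindex and the CSP that is still on the To Do list, expressed as Apache directives. This is an added example, not the site's own configuration: the CSP origins (only `'self'` plus Cloudflare's Turnstile host) are an assumption about what the pages load, and the dotfile rule is a belt-and-braces guard for the ".env files gitignored" item in case one is ever copied into the docroot.

```apache
# Added example (not the project's config). Needs mod_headers; Apache 2.4 syntax.
<IfModule mod_headers.c>
    # HSTS is safe here only because HTTPS is already enforced site-wide.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "DENY"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"

    # CSP (To Do item). Origins are assumed: 'self' for the site's own assets,
    # challenges.cloudflare.com for the Turnstile script and its iframe.
    # Start in Report-Only, read the violation reports, then rename the header
    # to Content-Security-Policy.
    Header always set Content-Security-Policy-Report-Only "default-src 'self'; script-src 'self' https://challenges.cloudflare.com; frame-src https://challenges.cloudflare.com; img-src 'self' data:; style-src 'self'; object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'"
</IfModule>

# /admin/ noindex: a <meta name="robots"> tag only covers HTML responses;
# X-Robots-Tag covers every response under the path. Neither is access
# control; the OAuth + MFA check is what actually keeps /admin/ private.
<Location "/admin/">
    Header always set X-Robots-Tag "noindex, nofollow"
</Location>

# Never serve dotfiles (.env, .git, .htpasswd) even if one lands in the docroot.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>
```

Two caveats that follow from the Cloudflare item: set the zone's SSL mode to Full (strict) so the Cloudflare-to-origin hop is also certificate-verified, and restrict the origin (firewall or Apache `Require ip`) to Cloudflare's published IP ranges, otherwise anyone who learns the origin address bypasses the proxy's protections by connecting to it directly.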
## Contact Form

- [x] Turnstile client + server verification
- [x] Rate limiting
- [x] Honeypot field
- [x] Input sanitization
- [x] Category allowlist
- [x] CORS locked

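The server side of the Contact Form items as one validation pass, added here as an example; it is not the site's own contact handler. The hidden-field name (`website`), the categories, the hostname `fatkiss.example` and the function names are assumptions. The call to Cloudflare's siteverify endpoint is injectable, so the `demo()` run below uses a constructed fake reply and runs offline; the sample submissions are constructed too.

```python
"""Added example, not the site's contact handler: honeypot, rate limit, category
allowlist, input sanitization and Turnstile siteverify as one validate_contact()
pass. The siteverify HTTP call is injectable so demo() runs offline. Field names,
categories and hostnames are assumptions, not the project's."""
import html, json, re, time
import urllib.parse, urllib.request
from collections import defaultdict, deque

SITEVERIFY_URL = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
CATEGORY_ALLOWLIST = frozenset({"general", "booking", "press"})  # assumed categories
HONEYPOT_FIELD = "website"  # assumed hidden field: humans leave it empty, bots fill it
MAX_LEN = {"name": 100, "email": 254, "message": 4000}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def _post_siteverify(data):  # real call; demo() swaps in fake_siteverify
    body = urllib.parse.urlencode(data).encode()
    with urllib.request.urlopen(SITEVERIFY_URL, body, timeout=5) as resp:
        return json.load(resp)

def verify_turnstile(token, secret, remoteip=None, expected_hostname=None, post=_post_siteverify):
    """Redeem the widget token server-side (siteverify accepts it once); fail closed."""
    if not token or len(token) > 2048:
        return False
    data = {"secret": secret, "response": token}
    if remoteip:
        data["remoteip"] = remoteip
    try:
        result = post(data)
    except Exception:
        return False
    if not result.get("success"):
        return False
    # A valid token minted for a different hostname (same secret) is still rejected.
    return not expected_hostname or result.get("hostname") == expected_hostname

class RateLimiter:
    """Sliding window: at most `limit` counted submissions per `window` seconds per key."""
    def __init__(self, limit=5, window=600):
        self.limit, self.window, self._hits = limit, window, defaultdict(deque)

    def allow(self, key, now=None):
        now = time.time() if now is None else now
        q = self._hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def sanitize(value, limit, multiline=False):
    """Drop control chars (CR/LF in a single-line field becomes SMTP header injection
    once the handler sends mail), bound the length, HTML-escape for the notification."""
    keep = lambda ch: (ch == "\n" and multiline) or (" " <= ch != "\x7f")
    return html.escape("".join(filter(keep, str(value)))[:limit].strip(), quote=True)

def validate_contact(form, client_ip, limiter, secret, hostname=None, post=_post_siteverify, now=None):
    """Returns (ok, fields_or_reason). Cheap checks first so bots never reach siteverify."""
    if form.get(HONEYPOT_FIELD):
        return False, "honeypot"  # log it, still answer 200 so the bot learns nothing
    if not limiter.allow(client_ip, now):
        return False, "rate_limited"
    category = form.get("category", "")
    if category not in CATEGORY_ALLOWLIST:
        return False, "bad_category"
    email = sanitize(form.get("email", ""), MAX_LEN["email"])
    if not EMAIL_RE.match(email):
        return False, "invalid_email"
    name = sanitize(form.get("name", ""), MAX_LEN["name"])
    message = sanitize(form.get("message", ""), MAX_LEN["message"], multiline=True)
    if not name or not message:
        return False, "missing_fields"
    if not verify_turnstile(form.get("cf-turnstile-response"), secret, client_ip, hostname, post):
        return False, "turnstile_failed"
    return True, {"name": name, "email": email, "category": category, "message": message}

def fake_siteverify(data):
    """Constructed stand-in for Cloudflare's reply: only 'good-token' verifies."""
    ok = data.get("response") == "good-token"
    return {"success": ok, "hostname": "fatkiss.example" if ok else None}

def _form(name, email, category, message, token="good-token", **extra):
    return {"name": name, "email": email, "category": category, "message": message,
            "cf-turnstile-response": token, **extra}

SAMPLE_FORMS = {  # constructed submissions, all from one client IP
    "human": _form("Amber", "amber@example.com", "booking", "Hi <b>there</b>"),
    "bot": _form("x", "x@x.io", "booking", "buy", website="http://spam.example"),
    "header_inject": _form("Eve\r\nBcc: victim@example.com", "eve@example.com", "general", "hi"),
    "bad_category": _form("Eve", "eve@example.com", "../etc", "hi"),
    "replayed_token": _form("Eve", "eve@example.com", "press", "hi", token="stale-token"),
}

def demo():
    limiter = RateLimiter(limit=4, window=600)
    run = lambda f: validate_contact(f, "203.0.113.7", limiter, "dummy-secret",
                                     hostname="fatkiss.example", post=fake_siteverify, now=1000.0)
    results = {k: run(f) for k, f in SAMPLE_FORMS.items()}
    results["flood"] = run(SAMPLE_FORMS["human"])  # fifth counted hit: rate limited
    return results
```

Three things the checklist wording hides. Behind the Cloudflare proxy the TCP peer is Cloudflare, so `client_ip` must be the address Apache restores with mod_remoteip (`RemoteIPHeader CF-Connecting-IP`, with Cloudflare's ranges as `RemoteIPTrustedProxy`); keying the limiter on `X-Forwarded-For` lets a client choose its own bucket. The in-memory limiter is per-process; with several Apache workers or PHP-FPM children use a shared store. And "CORS locked" only constrains what browser scripts on other origins may read; it does nothing against a bot that POSTs to the handler directly, which is exactly why the server-side siteverify call is the item that matters.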
## Admin

- [x] Gitea OAuth
- [x] MFA required
- [x] No server control exposed
- [x] Media path restricted

## To Do

- [ ] Configure Gitea webhook for auto-deploy
- [ ] Set up Turnstile site key in contact form
- [ ] Configure SMTP for contact handler
- [ ] Enable MFA on Amber's Gitea account
- [ ] Add CSP header
- [ ] Regular dependency updates
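The first To Do item, "Configure Gitea webhook for auto-deploy", is the one that can undo the "No server control exposed" item if it is done carelessly: an endpoint that pulls and redeploys on any POST is a deploy trigger for anyone who finds it. Gitea signs each delivery by putting the hex HMAC-SHA256 of the raw request body, keyed with the webhook secret, in the `X-Gitea-Signature` header. The receiver below, added here as an example and not the project's own hook, verifies that signature over the raw bytes before parsing anything, then gates on event, repository and branch. The secret, the `amber/fatkiss` repository name and the deploy script path are assumptions; the requests in `demo()` are constructed.

```python
"""Added example, not the project's deploy hook: verify a Gitea webhook delivery
before acting on it. WEBHOOK_SECRET, EXPECTED_REPO and DEPLOY_SCRIPT are assumptions."""
import hashlib
import hmac
import json

WEBHOOK_SECRET = b"replace-with-a-long-random-secret"  # same value entered in Gitea's webhook form
EXPECTED_REPO = "amber/fatkiss"                        # assumed owner/repo
DEPLOY_REF = "refs/heads/main"
DEPLOY_SCRIPT = "/usr/local/bin/deploy-fatkiss"        # fixed script; nothing from the payload is executed

def sign_body(raw_body, secret=WEBHOOK_SECRET):
    """What Gitea computes for X-Gitea-Signature; used here only to build sample requests."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()

def verify_signature(raw_body, signature_header, secret=WEBHOOK_SECRET):
    """Compare over the raw bytes, before any JSON parsing, in constant time."""
    if not signature_header:
        return False
    return hmac.compare_digest(sign_body(raw_body, secret), signature_header.strip().lower())

def should_deploy(raw_body, headers, secret=WEBHOOK_SECRET):
    """Returns (deploy, reason_or_commit). Signature first, then event, repo and branch gating."""
    if not verify_signature(raw_body, headers.get("X-Gitea-Signature"), secret):
        return False, "bad_signature"
    if headers.get("X-Gitea-Event") != "push":
        return False, "ignored_event"
    try:
        payload = json.loads(raw_body)
    except ValueError:
        return False, "bad_json"
    if payload.get("repository", {}).get("full_name") != EXPECTED_REPO:
        return False, "wrong_repo"
    if payload.get("ref") != DEPLOY_REF:
        return False, "not_deploy_branch"
    # On True the handler runs DEPLOY_SCRIPT (e.g. subprocess.run([DEPLOY_SCRIPT], check=True));
    # the commit id is only logged, never interpolated into a command.
    return True, str(payload.get("after", ""))

def demo():
    """Constructed deliveries: one genuine push to main, plus the ways a request is rejected."""
    def body(ref):
        return json.dumps({"ref": ref, "after": "0123abcd",
                           "repository": {"full_name": EXPECTED_REPO}}).encode()
    main, feature = body(DEPLOY_REF), body("refs/heads/feature")
    push = {"X-Gitea-Event": "push"}
    return {
        "genuine": should_deploy(main, {**push, "X-Gitea-Signature": sign_body(main)}),
        "unsigned": should_deploy(main, push),
        "forged": should_deploy(main, {**push, "X-Gitea-Signature": sign_body(main, b"guess")}),
        "tampered": should_deploy(main + b" ", {**push, "X-Gitea-Signature": sign_body(main)}),
        "feature_branch": should_deploy(feature, {**push, "X-Gitea-Signature": sign_body(feature)}),
    }
```

Serve the hook over HTTPS only (Gitea will happily post the secret-signed body to plain HTTP if configured that way), keep the endpoint out of the site's normal routing so it never shares a session with `/admin/`, and give the deploy script the minimum it needs: a dedicated user that can `git pull` the site checkout and reload the web server, nothing more.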