groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-05-19 18:01:30 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
Part-DB-server/templates/admin/update_manager
History
Sebastian Almberg dd8698840d Harden backup security: password confirmation, CSRF, env toggle 
Address security review feedback from jbtronics:

- Add IS_AUTHENTICATED_FULLY to all sensitive endpoints (create/delete
  backup, delete log, download backup, start update, restore)
- Change backup download from GET to POST with CSRF token
- Require password confirmation before downloading backups (backups
  contain sensitive data like password hashes and secrets)
- Add DISABLE_BACKUP_DOWNLOAD env var (default: disabled) to control
  whether backup downloads are allowed
- Add password confirmation modal with security warning in template
- Add comprehensive tests: auth checks, env var blocking, POST-only
  enforcement, status/progress endpoint auth
2026-03-05 19:06:54 +01:00
..
index.html.twig Harden backup security: password confirmation, CSRF, env toggle 2026-03-05 19:06:54 +01:00
log_viewer.html.twig Add Update Manager for automated Part-DB updates 2026-01-30 21:36:33 +01:00
progress.html.twig Allow to view progress view while update is running 2026-02-03 20:34:03 +01:00
release_notes.html.twig Add Update Manager for automated Part-DB updates 2026-01-30 21:36:33 +01:00