Security Details
- Uploaded content may persist to server disk temporarily and is encrypted at rest
- Data stored in our Postgres database is also encrypted at rest
Password Recommendations
NIST 800-63 password guidelines are followed and exceeded, including:
- 8 character minimum
- Maximum length of at least 64 characters – a 128-character limit is used and may be raised in the future
- All ASCII characters accepted – full UTF-8 is supported
- No password truncation
- Allow at least 10 password retries before lockout
- No complexity requirements
- No password expiration period
- No password hints
- No knowledge-based authentication
- No SMS for 2FA
Password Storage
Passwords are stored using PBKDF2 with HMAC-SHA256, a 128-bit salt, a 256-bit subkey and 10,000 iterations by default.
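The following is an added example (not the site's own code) of the storage scheme described above in Python's standard library: PBKDF2-HMAC-SHA256 with a random 128-bit salt, a 256-bit subkey and 10,000 iterations, verified with a constant-time comparison. The `scheme$iterations$salt$subkey` record layout is this example's own convention, and `needs_rehash` shows how an older record is flagged for upgrading when the default iteration count is raised.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Parameters from the page: 128-bit salt, 256-bit subkey, 10,000 iterations by default.
ITERATIONS = 10_000
SALT_BYTES = 16      # 128 bits
SUBKEY_BYTES = 32    # 256 bits
SCHEME = "pbkdf2-sha256"


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = ITERATIONS, salt: Optional[bytes] = None) -> str:
    """Derive a PBKDF2-HMAC-SHA256 subkey and encode scheme, iterations, salt and subkey.

    The password is UTF-8 encoded and used in full: PBKDF2 has no input length
    limit, so long or non-ASCII passwords are never truncated.
    The record layout (scheme$iterations$salt$subkey) is this example's own
    convention, not the page's storage format.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    subkey = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=SUBKEY_BYTES
    )
    return f"{SCHEME}${iterations}${_b64(salt)}${_b64(subkey)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the subkey with the stored parameters and compare in constant time."""
    try:
        scheme, iterations, salt_b64, subkey_b64 = stored.split("$")
        if scheme != SCHEME:
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(subkey_b64)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False  # malformed record: treat as a failed login, never as a crash
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected)
    )
    # compare_digest does not leak the position of the first differing byte.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, target_iterations: int = ITERATIONS) -> bool:
    """True when the record was made with fewer iterations than the current default,
    so it should be re-hashed on the next successful login."""
    try:
        _, iterations, _, _ = stored.split("$")
        return int(iterations) < target_iterations
    except ValueError:
        return True
```

The iteration count is stored inside each record so that raising the default later only requires re-hashing on the user's next successful login rather than a migration.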
Session
Sessions are stored as HTTPS-only cookies, preventing them from being tampered with by any third-party code.
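As an added example (not the site's own code), the Python below issues a session cookie with the Secure attribute (sent over HTTPS only), HttpOnly (not readable by page scripts) and SameSite=Strict, and signs the cookie value with an HMAC so that a modified value is rejected server-side. `audit_set_cookie` is a small checker for the attributes a practitioner would verify on a deployed Set-Cookie header. `SERVER_KEY` is a hypothetical placeholder.

```python
import hashlib
import hmac
import secrets
from typing import List, Optional

# Hypothetical placeholder; a real deployment loads the key from a secret store.
SERVER_KEY = b"example-key-replace-me"


def _sign(session_id: str) -> str:
    return hmac.new(SERVER_KEY, session_id.encode("ascii"), hashlib.sha256).hexdigest()


def new_session_value() -> str:
    """Random 256-bit session id plus an HMAC tag; the tag makes tampering detectable."""
    session_id = secrets.token_urlsafe(32)  # uses [A-Za-z0-9_-], so '.' is a safe separator
    return f"{session_id}.{_sign(session_id)}"


def verify_session_value(value: str) -> Optional[str]:
    """Return the session id if the tag verifies, otherwise None."""
    if value.count(".") != 1:
        return None
    session_id, tag = value.split(".")
    if not hmac.compare_digest(tag, _sign(session_id)):
        return None
    return session_id


def build_set_cookie(value: str, max_age: int = 3600) -> str:
    """Set-Cookie header: Secure (HTTPS only), HttpOnly (no script access), SameSite=Strict."""
    return "; ".join([
        f"session={value}",
        "Secure",
        "HttpOnly",
        "SameSite=Strict",
        "Path=/",
        f"Max-Age={max_age}",
    ])


def audit_set_cookie(header: str) -> List[str]:
    """List weak or missing attributes on a Set-Cookie header (for tests or a deploy check)."""
    attrs = {}
    for part in header.split(";")[1:]:
        name, _, val = part.strip().partition("=")
        attrs[name.lower()] = val
    problems = []
    if "secure" not in attrs:
        problems.append("missing Secure: cookie may be sent over plaintext HTTP")
    if "httponly" not in attrs:
        problems.append("missing HttpOnly: cookie readable by page scripts")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        problems.append("SameSite should be Strict or Lax to limit cross-site sends")
    return problems
```

The flags control where the browser sends the cookie; the HMAC tag is what lets the server reject a cookie whose value was altered in transit or on disk.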
Client Application
The client application is written using a framework with built-in protection against cross-site scripting (XSS): all payloads are treated as plaintext by default and are rendered as HTML only if a developer explicitly enables it. By design this is to be avoided, and any future requirement for this behavior will rely on server-side XSS sanitization.
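The escape-by-default design described above, written out as an added Python example (not the framework's or the site's code): `render` escapes every value as plaintext unless the caller explicitly passes `allow_html=True`, and that opt-in path goes through a server-side allowlist sanitizer that drops unknown tags, event-handler attributes and unsafe URL schemes. The allowed tag and attribute sets are constructed for illustration; in production a maintained sanitizer library is preferable to a hand-rolled one.

```python
import html
from html.parser import HTMLParser

# Constructed allowlist for the example; a real policy would be tuned to the product.
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")


def render(value, allow_html=False):
    """Default path: the value is plaintext and is escaped for an HTML text context.
    Only an explicit allow_html=True goes through the server-side sanitizer."""
    if not allow_html:
        return html.escape(str(value), quote=True)
    return sanitize_html(str(value))


class _AllowlistSanitizer(HTMLParser):
    """Keeps only allowlisted tags and attributes; other tags are dropped, text is
    re-escaped, and href values outside the safe schemes are removed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # tag dropped; its text content still arrives via handle_data
        kept = ""
        for name, val in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or val is None:
                continue  # event handlers (onerror, ...) and style are never allowlisted
            if name == "href" and not val.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue  # rejects javascript:, data:, vbscript: and similar schemes
            kept += f' {name}="{html.escape(val, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")
        if tag != "br":
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag in self.open_tags:
            while self.open_tags:  # close anything still open inside this element
                closed = self.open_tags.pop()
                self.out.append(f"</{closed}>")
                if closed == tag:
                    break

    def handle_data(self, data):
        # Text (including script bodies, since <script> itself was dropped) is re-escaped.
        self.out.append(html.escape(data, quote=False))

    def result(self):
        while self.open_tags:  # close tags the input left unterminated
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_html(fragment):
    parser = _AllowlistSanitizer()
    parser.feed(fragment)
    parser.close()
    return parser.result()
```

Because the sanitizer runs on the server, the client never has to decide whether a fragment is safe; a template that accidentally passes `allow_html=True` still cannot emit an event handler or a `javascript:` link.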
Ask Us Anything. Anytime.
- info@optimizedtech.com
- 770-312-1094