Completed_Security_Tasks
movitto edited this page Jan 14, 2013 · 3 revisions
The Controller Audit is complete
We have implemented 3 rounds of Conductor Controller updates
We have implemented 2 rounds of Conductor Model updates
We are working on integrating the best practices gem
- removed unused methods / templates / routes
- controller audit - validated the following for each application entry point:
  - user authentication
  - authorization
  - data validation
  - functional w/out compromising data (does not expose data to unauthorized sink)
- completely secured the following controllers: application, permissions, images, hardware profiles, roles, config servers, providers, provider accounts, instances, users
- secured instances, credentials table
- associated images w/ pool families & enforced relevant restrictions on accessing them
Back to Hardening_the_app