orion/SECURITY.md
Samir Boulahtit e9253fbd84 refactor: rename Wizamart to Orion across entire codebase
Replace all ~1,086 occurrences of Wizamart/wizamart/WIZAMART/WizaMart
with Orion/orion/ORION across 184 files. This includes database
identifiers, email addresses, domain references, R2 bucket names,
DNS prefixes, encryption salt, Celery app name, config defaults,
Docker configs, CI configs, documentation, seed data, and templates.

Renames homepage-wizamart.html template to homepage-orion.html.
Fixes duplicate file_pattern key in api.yaml architecture rule.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 16:46:56 +01:00


# Security Policy
## Supported Versions
| Version | Supported          |
| ------- | ------------------ |
| 1.x.x   | :white_check_mark: |
## Reporting a Vulnerability
If you discover a security vulnerability in this project, please report it responsibly:
1. **Do not** open a public issue
2. Email the security team at: security@orion.lu
3. Include:
   - Description of the vulnerability
   - Steps to reproduce
   - Potential impact
   - Suggested fix (if any)
## Response Timeline
- **Acknowledgment**: Within 48 hours
- **Initial Assessment**: Within 5 business days
- **Resolution Target**: Within 30 days for critical issues
## Security Measures
This application implements the following security measures:
### Authentication & Authorization
- JWT-based authentication with token expiration
- Role-based access control (RBAC)
- Store isolation (multi-tenant security)
- Session management with secure cookies
### Data Protection
- Password hashing using bcrypt
- API key encryption at rest
- HTTPS enforcement in production
- Input validation and sanitization
### API Security
- Rate limiting on authentication endpoints
- CORS configuration
- Request logging and audit trails
- SQL injection prevention via ORM
### Infrastructure
- Environment-based configuration
- Secrets management (no hardcoded credentials)
- Database connection pooling
- Error handling without information leakage
## Security Updates
Security updates are released as patch versions and announced through:
- Release notes
- Security advisories (for critical issues)
## Compliance
This application is designed with consideration for:
- GDPR (data protection)
- PCI-DSS awareness (payment handling delegated to processors)
- OWASP Top 10 mitigation