sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e9253fbd8421c7d865606a0d51c95e7d4b2e5b3a
orion/SECURITY.md
Samir Boulahtit e9253fbd84 refactor: rename Wizamart to Orion across entire codebase 
Replace all ~1,086 occurrences of Wizamart/wizamart/WIZAMART/WizaMart
with Orion/orion/ORION across 184 files. This includes database
identifiers, email addresses, domain references, R2 bucket names,
DNS prefixes, encryption salt, Celery app name, config defaults,
Docker configs, CI configs, documentation, seed data, and templates.

Renames homepage-wizamart.html template to homepage-orion.html.
Fixes duplicate file_pattern key in api.yaml architecture rule.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 16:46:56 +01:00

1.7 KiB
Raw Blame History

Security Policy

Supported Versions

Version Supported
1.x.x

Reporting a Vulnerability

If you discover a security vulnerability in this project, please report it responsibly:

  1. Do not open a public issue
  2. Email the security team at: security@orion.lu
  3. Include:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

Response Timeline

  • Acknowledgment: Within 48 hours
  • Initial Assessment: Within 5 business days
  • Resolution Target: Within 30 days for critical issues

Security Measures

This application implements the following security measures:

Authentication & Authorization

  • JWT-based authentication with token expiration
  • Role-based access control (RBAC)
  • Store isolation (multi-tenant security)
  • Session management with secure cookies

Data Protection

  • Password hashing using bcrypt
  • API key encryption at rest
  • HTTPS enforcement in production
  • Input validation and sanitization

API Security

  • Rate limiting on authentication endpoints
  • CORS configuration
  • Request logging and audit trails
  • SQL injection prevention via ORM

Infrastructure

  • Environment-based configuration
  • Secrets management (no hardcoded credentials)
  • Database connection pooling
  • Error handling without information leakage

Security Updates

Security updates are released as patch versions and announced through:

  • Release notes
  • Security advisories (for critical issues)

Compliance

This application is designed with consideration for:

  • GDPR (data protection)
  • PCI-DSS awareness (payment handling delegated to processors)
  • OWASP Top 10 mitigation
Reference in New Issue View Git Blame Copy Permalink