Skip to content

Security Section

This section contains security documentation and guidelines.

Contents

Security Principles

  1. Defense in Depth - Multiple layers of security
  2. Least Privilege - Minimum permissions needed
  3. Fail Secure - Default to deny on errors
  4. Security by Obscurity - Don't rely solely on secrets being hidden

Quick Reference

Concern Implementation
Auth JWT + refresh tokens
Tenant isolation Row-Level Security (RLS)
Password storage bcrypt with salt
API rate limiting Token bucket algorithm
Input validation Pydantic schemas
SQL injection SQLAlchemy ORM (parameterized)
CORS Explicit allowed origins

Key Security Files

File Description
core/security.py JWT and auth utilities
core/rate_limiter.py Rate limiting logic
core/security_headers.py Security headers middleware

Ver también: Deployment security · Multi-tenancy ADR