Security Section¶
This section contains security documentation and guidelines.
Contents¶
- Authentication - Auth mechanisms
- Authorization - RBAC and permissions
- Rate Limiting - Rate limit configuration
- OWASP - OWASP compliance
Security Principles¶
- Defense in Depth - Multiple layers of security
- Least Privilege - Minimum permissions needed
- Fail Secure - Default to deny on errors
- Security by Obscurity - Don't rely solely on secrets being hidden
Quick Reference¶
| Concern | Implementation |
|---|---|
| Auth | JWT + refresh tokens |
| Tenant isolation | Row-Level Security (RLS) |
| Password storage | bcrypt with salt |
| API rate limiting | Token bucket algorithm |
| Input validation | Pydantic schemas |
| SQL injection | SQLAlchemy ORM (parameterized) |
| CORS | Explicit allowed origins |
Key Security Files¶
| File | Description |
|---|---|
core/security.py |
JWT and auth utilities |
core/rate_limiter.py |
Rate limiting logic |
core/security_headers.py |
Security headers middleware |
Ver también: Deployment security · Multi-tenancy ADR