From f80c19c18eb01ed7e7c6f44cc25535c14659ba20 Mon Sep 17 00:00:00 2001
From: pacien
Date: Wed, 28 Jul 2021 16:58:54 +0200
Subject: docs: add security remarks

---
 readme.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/readme.md b/readme.md
index 6fab8d8..1508142 100644
--- a/readme.md
+++ b/readme.md
@@ -182,6 +182,26 @@ thread-local global variables.
 * SQL injections are prevented by using proper query parameters substitution,
   automatically handled by the embrace and psycopg libraries.
 
+* Passwords are salted and hashed when stored in the database to ensure some
+  minimal protection of the [data at rest]. The hashing is handled by the
+  [passlib] library, which also covers algorithm migrations.
+
+* Cross-Site Request Forgery ([CSRF]) attacks are mitigated through the
+  conjunctive use of POST requests for user actions and [SameSite] restrictions
+  for session cookies. (_note: this will become a sufficient protection only
+  when support in browsers will become ubiquitous_).
+
+* In its current state, the application does not implement any kind of rate
+  limiting. Such restriction would be needed for real world applications in
+  order to mitigate account password brute-force attacks, but also to prevent
+  users from avoiding transfer fees by sending many small unbilled
+  transactions.
+
+[data at rest]: https://en.wikipedia.org/wiki/Data_at_rest
+[passlib]: https://passlib.readthedocs.io/en/stable/
+[CSRF]: https://owasp.org/www-community/attacks/csrf
+[SameSite]: https://owasp.org/www-community/SameSite
+
 
 ## Development environment
 
-- 
cgit v1.2.3