generated from bisco/codex-bootstrap
# Security
HoopScout is initially intended for local or restricted-network use by a small private group.
## Authentication and Authorization
- API endpoints require an authenticated Django user.
- Django admin is enabled for controlled data management.
- Users have a profile role: `admin`, `scout`, or `viewer`.
- Role-specific authorization is not enforced beyond authentication in the MVP.
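
Because role-specific authorization is not enforced in the MVP, the following is an added example (not part of the HoopScout code base) of a fail-closed permission class that layers the three profile roles on top of Django authentication. It assumes the role is reachable as `request.user.profile.role` and that a view declares `read_roles` and `write_roles` (both attribute names are assumptions); it follows the `has_permission(request, view)` signature of `rest_framework.permissions.BasePermission` but avoids importing Django so it runs stand-alone.

```python
from types import SimpleNamespace

# Same set DRF uses for read-only requests.
SAFE_METHODS = ("GET", "HEAD", "OPTIONS")

# The three profile roles named in this document.
VALID_ROLES = frozenset({"admin", "scout", "viewer"})


class HasProfileRole:
    """Fail-closed role check layered on top of Django authentication.

    A view declares `read_roles` (for GET/HEAD/OPTIONS) and `write_roles`
    (for every other method). Both attribute names and the
    `request.user.profile.role` lookup are assumptions for this example.
    """

    def has_permission(self, request, view):
        user = getattr(request, "user", None)
        if user is None or not getattr(user, "is_authenticated", False):
            return False  # authentication stays a hard requirement
        role = getattr(getattr(user, "profile", None), "role", None)
        if role not in VALID_ROLES:
            return False  # missing or unknown role is denied, not treated as viewer
        attr = "read_roles" if request.method in SAFE_METHODS else "write_roles"
        allowed = getattr(view, attr, None)
        if not allowed:
            return False  # a view that declares no roles for this method denies it
        return role in allowed


def check(role, method, is_authenticated=True):
    """Constructed request and view objects so the class runs without Django.

    The view lets every role read but only admin and scout write.
    """
    profile = SimpleNamespace(role=role) if role is not None else None
    user = SimpleNamespace(is_authenticated=is_authenticated, profile=profile)
    request = SimpleNamespace(user=user, method=method)
    view = SimpleNamespace(read_roles={"admin", "scout", "viewer"},
                           write_roles={"admin", "scout"})
    return HasProfileRole().has_permission(request, view)


if __name__ == "__main__":
    print(check("viewer", "GET"), check("viewer", "POST"), check(None, "GET"))
```

In the real project the class would subclass `rest_framework.permissions.BasePermission` and be listed in a view's `permission_classes` alongside `IsAuthenticated`.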
## Network Exposure
The local Docker Compose setup exposes:
- backend on `8000`;
- frontend on `4200`;
- PostgreSQL only inside the Compose network.
## Secrets
`.env.example` contains placeholders only. Real local values must be stored in `.env`, which is ignored by Git.
## Containers
Backend and frontend containers run as non-root users. PostgreSQL uses the official image defaults and a named volume.
## Data Sources
The repository does not include credentials, scraping logic, or copied external datasets. RealGM, Proballers, and other provider data must be integrated only through authorized APIs or a documented compliant import process.
## Known Dependency Findings
`npm audit` reports moderate vulnerabilities through `webpack-dev-server -> sockjs -> uuid` in the Angular development toolchain, with no available fix at the time of implementation. The dev server is intended for local restricted use only and must not be exposed publicly.