Jukka Lampikoski
8a07689a1f
- .htaccess: HTTPS enforcement, security headers, block sensitive files - data/.htaccess: deny all direct access to data directory - Secure session settings (httponly, secure, strict mode, samesite) - Rate limiting on login (10 attempts per 15 min per IP) - Math captcha on login form (server-side validated) - Password reset via email with token (1 hour expiry) - Forgot password UI with reset link flow - Email field added to user management - Updated .gitignore for reset_tokens.json and login_attempts.json Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
9 lines
148 B
Plaintext
9 lines
148 B
Plaintext
data/customers.json
|
|
data/users.json
|
|
data/changelog.json
|
|
data/archive.json
|
|
data/reset_tokens.json
|
|
data/login_attempts.json
|
|
data/backups/
|
|
data/files/
|