
@google-labs-jules

This PR addresses critical security vulnerabilities by implementing password hashing for the admin account and securing the Flask session key. It also improves the robustness of the backend code by sanitizing command execution and correcting documentation inaccuracies regarding the tech stack and requirements. It introduces a requirements.txt for the backend.


PR created automatically by Jules for task 7098074048885205444 started by @AmiRCandy

- Implemented admin password hashing using `werkzeug.security` with automatic upgrade for legacy plaintext passwords.
- Replaced hardcoded `SECRET_KEY` with a secure environment-based approach.
- Improved shell command execution safety in `Backend/core.py`.
- Corrected documentation to reflect Flask backend and requirement of Python 3.10+.
- Added `Backend/requirements.txt` for easier dependency management.
- Fixed backend setup instructions in `readme.md`.
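
An added example, not the code from this PR: one way to verify an admin password with `werkzeug.security` while upgrading a legacy plaintext value on the first successful login, plus a fail-closed read of the session key from the environment. The names `verify_and_upgrade`, `is_hashed`, `load_secret_key`, the `store` mapping and the `SECRET_KEY` variable name are assumptions for illustration.

```python
import hmac
import os

from werkzeug.security import check_password_hash, generate_password_hash

# Prefixes werkzeug writes at the start of its hash strings.
_HASH_PREFIXES = ("pbkdf2:", "scrypt:")


def is_hashed(stored: str) -> bool:
    """True when the stored value looks like 'method$salt$digest'."""
    return stored.startswith(_HASH_PREFIXES) and stored.count("$") == 2


def verify_and_upgrade(store: dict, candidate: str) -> bool:
    """Check the admin password; rehash a legacy plaintext value on success.

    `store` is a hypothetical settings mapping with a 'password' key,
    standing in for wherever the application keeps the admin credential.
    """
    stored = store["password"]
    if is_hashed(stored):
        return check_password_hash(stored, candidate)
    # Legacy plaintext: compare in constant time, never with ==.
    if not hmac.compare_digest(stored.encode(), candidate.encode()):
        return False
    # Upgrade only after a successful login, so a wrong guess changes nothing.
    store["password"] = generate_password_hash(candidate, method="pbkdf2:sha256")
    return True


def load_secret_key(environ=os.environ) -> str:
    """Read the Flask session key from the environment and refuse weak values."""
    key = environ.get("SECRET_KEY", "")  # variable name is an assumption
    if len(key) < 32:
        raise RuntimeError("SECRET_KEY must be set to at least 32 random characters")
    return key
```

Until the admin logs in once, the plaintext value is still on disk, so a one-off migration at startup closes that window sooner than waiting for the login path.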
@google-labs-jules
Author

👋 Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a 👀 emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!


For security, I will only act on instructions from the user who triggered this task.

New to Jules? Learn more at jules.google/docs.
