# Sensitive Data Handling - 20251123-080448
|
|
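== Password storage columns ==
Note: none of the matches below is a password storage column. They are a commented-out connection-string format in migration 005 and the identity_type enum value 'email_password'. The column that holds the password hash does not appear in this output.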
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/005_schema_separation.up.sql:124:-- "user=%s password=%s dbname=%s host=%s sslmode=%s search_path=%s",
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/005_schema_separation.up.sql:125:-- user, password, name, host, sslMode, schema
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:14:CREATE TYPE identity_type AS ENUM ('email_password', 'blockchain_address', 'did');
|
|
|
|
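== bcrypt/hash usage (password hashing) ==
Note: the payment-service matches are blockchain_tx_hash column references, not password hashing. The password-hashing matches are all in auth-service, which uses bcrypt with bcrypt.DefaultCost. main.go lines 408 and 714 call bcrypt.GenerateFromPassword directly rather than the hashPassword helper at line 1103, so a cost change would have to be made in three places. bcrypt's 72 limit is in bytes; whether maxPasswordLength is checked against byte length is not visible here.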
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:473: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:482: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:492: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:581: due_date, issued_date, paid_date, blockchain_tx_hash, ipfs_document_cid,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:640: blockchain_tx_hash = $10, ipfs_document_cid = $11, notes = $12
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:744: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:753: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:778: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:788: p.blockchain_tx_hash, p.blockchain_network, p.payment_processor, p.processor_fee,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:852: transaction_id, blockchain_tx_hash, blockchain_network,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/payment-service/main.go:877: blockchain_tx_hash, blockchain_network, payment_processor, processor_fee,
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:77: // Test hashing
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:78: hashed, err := hashPassword(password)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:80: t.Fatalf("hashPassword() error = %v", err)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:83: if hashed == "" {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:84: t.Error("hashPassword() returned empty string")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:87: if hashed == password {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:88: t.Error("hashPassword() did not hash the password")
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:92: if !checkPasswordHash(password, hashed) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main_test.go:97: if checkPasswordHash("wrongPassword", hashed) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:21: "golang.org/x/crypto/bcrypt"
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:29: maxPasswordLength = 72 // bcrypt limit
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:408: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:410: http.Error(w, "Failed to hash password", http.StatusInternalServerError)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:617: if err := bcrypt.CompareHashAndPassword([]byte(passwordHash), []byte(req.Password)); err != nil {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:714: passwordHash, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:716: http.Error(w, "Failed to hash password", http.StatusInternalServerError)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1103:func hashPassword(password string) (string, error) {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1104: hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1108: return string(hash), nil
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1111:func checkPasswordHash(password, hash string) bool {
|
|
/home/administrator/projects/coppertone.tech/backend/functions/auth-service/main.go:1112: return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
|
|
|
|
== Encryption columns ==
|
|
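No encryption found (the search returned no matches in the scanned files; this output alone does not show whether encryption is applied elsewhere, e.g. at the storage or transport layer)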
|
|
|
|
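== PII columns (email, phone, address, ssn) ==
Note: the matches are email fields, the identifier column (which may hold an email), and ip_address; no phone or ssn match appears, and the identity_type enum line is a keyword match, not a column. Per its own comment, user_email in migration 004 is kept after the user is deleted, which matters for retention and erasure handling.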
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:5: email VARCHAR(255) UNIQUE, -- Nullable for blockchain-only users
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:10:-- Create index on email for faster lookups
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:11:CREATE INDEX idx_users_email ON users(email) WHERE email IS NOT NULL;
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:14:CREATE TYPE identity_type AS ENUM ('email_password', 'blockchain_address', 'did');
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/001_create_users_and_identities.up.sql:21: identifier VARCHAR(500) NOT NULL, -- Email, blockchain address, or DID
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:73: user_email VARCHAR(255), -- Denormalized for when user is deleted
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:77: ip_address INET,
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:198: req.email AS requester_email,
|
|
/home/administrator/projects/coppertone.tech/backend/migrations/004_approval_workflow_and_audit.up.sql:201: cli.email AS client_email,
|