Skip to content

Security Issues

Ryan Malone edited this page Oct 28, 2024 · 11 revisions

Sensitive Information

Passwords

Cocky's Way understands the importance of passwords and the role they play in safeguarding users' private information. To ensure that user's passwords stay secure, we will enforce minimum password security requirements to ensure that passwords can't be easily guessed. In addition to this, we will use hashing algorithms within our app to ensure that passwords don't ever travel across networks in a way that could be understood by attackers. Passwords will never be stored in plaintext. By following these security practices, Cocky’s Way ensures that users’ passwords and personal information remain protected at all times, minimizing the risks of unauthorized access and data breaches.

Schedule Information

Cocky's Way understands that course schedule information is private information, and we take serious measures to ensure that it doesn't end up in the wrong hands. Utilizing account usernames and passwords (see above), we ensure that no user will be able to access schedule information that doesn't belong to them. In addition, personal identifiable information (such as names or emails) will never be stored in the same collection within Firestore. This ensures that even if someone were to gain access to a schedule, they would only see a unique identifier rather than a name. Lastly, schedule information from previous semesters will be deleted at the beginning of each new semester.

Other Possible Sensitive Information

Cocky’s Way is designed to avoid collecting unnecessary information. We are not in the business of stealing or storing data that isn’t essential to the functionality of our app. This approach minimizes the need for any additional sensitive information. However, if we do collect other types of data, rest assured that all information will be securely stored in our Firestore collections, inaccessible to other users, and will never be stored alongside any personally identifiable information.

Attack Vectors

Clone this wiki locally