Container Security
Production containers run with maximum restriction:

| Measure | Setting | Purpose |
|---|---|---|
| Read-only filesystem | `read_only: true` | Prevents runtime file modifications; any path the process must write (e.g. `/tmp`) needs an explicit `tmpfs` mount |
| No new privileges | `security_opt: no-new-privileges:true` | Stops setuid/setgid binaries and file capabilities from granting the process more privilege than it started with |
| Drop all capabilities | `cap_drop: ALL` | Removes every Linux capability from the container's processes |
| Non-root user | `user:` set to a non-root UID:GID | Processes never run as root, even if the image's default user is root |
| Resource limits | CPU + memory caps | Prevents a runaway or attacked container from exhausting the host |
| Health checks | Every 10 seconds | Marks the container unhealthy on failure so the orchestrator can replace it (Docker alone reports the status but does not restart an unhealthy container) |
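The table above as a Docker Compose service definition. This is an added example, not the project's own compose file; the image name, the UID:GID, the health endpoint and the concrete CPU/memory values are assumptions chosen for illustration. The `tmpfs` entry is what makes `read_only: true` workable for a process that needs scratch space.

```yaml
services:
  app:
    image: app:latest              # assumed image name
    read_only: true                # root filesystem is immutable at runtime
    tmpfs:
      - /tmp                       # the only writable path; lost on restart
    security_opt:
      - no-new-privileges:true     # setuid binaries cannot raise privileges
    cap_drop:
      - ALL                        # no Linux capabilities at all
    user: "10001:10001"            # assumed non-root UID:GID present in the image
    deploy:
      resources:
        limits:
          cpus: "1.0"              # assumed values; size to the real workload
          memory: 512M
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://127.0.0.1:8080/health"]  # assumed endpoint; wget must exist in the image
      interval: 10s
      timeout: 3s
      retries: 3
    restart: unless-stopped        # restarts on process exit, not on "unhealthy"
```

Note that `restart:` reacts to the process exiting, not to a failing health check; with plain Docker, acting on `unhealthy` needs a supervisor or an orchestrator such as Swarm or Kubernetes.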
Application Security
Authentication
- CSRF tokens on all state-changing endpoints
- Rate limiting — 20 req/min per IP on auth endpoints (behind a reverse proxy the limiter must key on the client address the proxy forwards, otherwise every client shares the proxy's budget)
- Session security — HttpOnly, SameSite, Secure cookies
- Input validation — email normalization, token format checks, body size limits
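The three mechanisms above in Go, as an added example rather than the project's own code: the session cookie with its flags, a CSRF token generated and compared in constant time, and a fixed-window per-IP limiter set to 20 requests per minute. Cookie name, window size and the sample IP addresses are assumptions; the injectable clock exists so the window rollover can be exercised without sleeping.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"sync"
	"time"
)

// sessionCookie returns the session cookie with the flags listed above. The
// value is only an opaque session ID; session data itself lives server-side
// (Redis on this page), so nothing sensitive is ever stored in the cookie.
func sessionCookie(sessionID string, secure bool) *http.Cookie {
	return &http.Cookie{
		Name:     "session", // assumed cookie name
		Value:    sessionID,
		Path:     "/",
		HttpOnly: true,                 // not readable by page scripts
		Secure:   secure,               // true in production: HTTPS only
		SameSite: http.SameSiteLaxMode, // not attached to cross-site POSTs
		MaxAge:   int((24 * time.Hour).Seconds()),
	}
}

// newCSRFToken returns 32 random bytes, base64url-encoded (43 characters).
func newCSRFToken() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// csrfValid compares the token sent with a state-changing request to the one
// stored in the session. Constant-time comparison avoids leaking the stored
// token byte by byte through response timing.
func csrfValid(submitted, stored string) bool {
	if submitted == "" || stored == "" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(submitted), []byte(stored)) == 1
}

// rateLimiter counts requests per key (the client IP) in fixed windows.
// now is a field so tests can control the clock.
type rateLimiter struct {
	mu    sync.Mutex
	limit int
	per   time.Duration
	now   func() time.Time
	seen  map[string]*counter
}

type counter struct {
	start time.Time
	count int
}

func newRateLimiter(limit int, per time.Duration) *rateLimiter {
	return &rateLimiter{limit: limit, per: per, now: time.Now, seen: map[string]*counter{}}
}

// allow reports whether key may make another request in the current window.
// The first request after a window expires starts a fresh count.
func (rl *rateLimiter) allow(key string) bool {
	rl.mu.Lock()
	defer rl.mu.Unlock()
	now := rl.now()
	c, ok := rl.seen[key]
	if !ok || now.Sub(c.start) >= rl.per {
		rl.seen[key] = &counter{start: now, count: 1}
		return true
	}
	if c.count >= rl.limit {
		return false
	}
	c.count++
	return true
}

func main() {
	rl := newRateLimiter(20, time.Minute)
	for i := 1; i <= 21; i++ { // constructed burst from one sample address
		fmt.Printf("request %2d allowed=%v\n", i, rl.allow("203.0.113.7"))
	}
	tok, _ := newCSRFToken()
	fmt.Println("csrf token:", tok, "valid:", csrfValid(tok, tok))
}
```

In a handler, the limiter runs before any credential or token lookup, and the CSRF check applies to every method other than GET, HEAD and OPTIONS; a rejected request should get a 429 with `Retry-After` rather than a generic error so legitimate clients back off.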
API
- Security headers — X-Content-Type-Options, X-Frame-Options, Referrer-Policy
- CORS — configured for specific origins only
- ReadHeaderTimeout — bounds how long a client may take to send request headers, so slowloris-style connections that trickle header bytes are cut off instead of exhausting the connection pool
- WebSocket origin validation — prevents cross-site WebSocket hijacking
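The four API items above wired into a Go `net/http` server. This is an added example, not the project's code: the allowlisted origin, the timeout values and the `/health` route are assumptions. The same exact-match origin check serves both the CORS middleware and the WebSocket upgrade guard, which is the point: a suffix or substring match would let `https://app.example.com.evil.net` through.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// allowedOrigins is a constructed allowlist; production would load it from
// configuration. Keys are lower-case scheme://host[:port].
var allowedOrigins = map[string]bool{
	"https://app.example.com": true,
}

// originAllowed does an exact scheme+host comparison. Malformed values and the
// literal "null" origin have no scheme/host and are rejected.
func originAllowed(origin string) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Scheme == "" || u.Host == "" {
		return false
	}
	return allowedOrigins[strings.ToLower(u.Scheme+"://"+u.Host)]
}

// securityHeaders adds the three headers listed above to every response.
func securityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("X-Content-Type-Options", "nosniff")
		h.Set("X-Frame-Options", "DENY")
		h.Set("Referrer-Policy", "strict-origin-when-cross-origin")
		next.ServeHTTP(w, r)
	})
}

// cors reflects the Origin only when it is allowlisted. An unknown origin gets
// no Access-Control-Allow-Origin header at all, so the browser refuses to
// expose the response. "*" is never used because requests carry cookies.
func cors(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if origin := r.Header.Get("Origin"); origin != "" && originAllowed(origin) {
			h := w.Header()
			h.Set("Access-Control-Allow-Origin", origin)
			h.Set("Access-Control-Allow-Credentials", "true")
			h.Set("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
			h.Set("Access-Control-Allow-Headers", "Content-Type")
			h.Add("Vary", "Origin")
		}
		if r.Method == http.MethodOptions { // preflight: headers only
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// wsUpgradeAllowed runs before a WebSocket upgrade. Browsers always send
// Origin on the handshake, so a foreign Origin is refused. A missing Origin
// means a non-browser client, which cannot be a cross-site hijacking victim.
func wsUpgradeAllowed(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	return origin == "" || originAllowed(origin)
}

// newServer sets ReadHeaderTimeout so a client that sends header bytes slowly
// is disconnected instead of holding a connection open indefinitely.
func newServer(addr string, h http.Handler) *http.Server {
	return &http.Server{
		Addr:              addr,
		Handler:           securityHeaders(cors(h)),
		ReadHeaderTimeout: 5 * time.Second,   // assumed value
		IdleTimeout:       120 * time.Second, // assumed value
	}
}

func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/health", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "ok")
	})
	srv := newServer(":8080", mux)
	fmt.Println("listening on", srv.Addr)
	_ = srv.ListenAndServe()
}
```

`ReadHeaderTimeout` alone does not bound the body; pair it with `http.MaxBytesReader` in handlers that read request bodies (the body size limit from the Authentication list).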
Data
- Passwords — No password storage (OAuth and magic link only)
- Prices in cents — Integer storage prevents floating-point precision issues
- Prepared statements — pgx parameterized queries prevent SQL injection
- Session data in Redis — no sensitive data in cookies
Production Checklist
Environment

- `SESSION_SECRET` is a strong random value (32+ bytes)
- `BASE_URL` uses HTTPS
- `DB_SSLMODE` is set to `require` or `verify-full` (`verify-full` also validates the server certificate and hostname; `require` only encrypts)
- Database passwords are strong and unique
- Redis password is set
- `.env` file is not committed to version control
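A startup check that applies the Environment items above before the service accepts traffic. It is an added example and not part of the project: `SESSION_SECRET`, `BASE_URL` and `DB_SSLMODE` are the names used on this page, while `REDIS_PASSWORD` and the hex-or-base64 encoding of the secret are assumptions. Measuring the secret's decoded length rather than its character count is deliberate: a 32-character hex string carries only 16 bytes of entropy.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"fmt"
	"net/url"
	"os"
	"strings"
)

// secretBytes returns the decoded length of a secret. Assumption: the value
// is hex- or base64-encoded random bytes; if it decodes as neither, the raw
// length is used. Decoded length is the conservative measure of entropy.
func secretBytes(s string) int {
	if b, err := hex.DecodeString(s); err == nil {
		return len(b)
	}
	for _, enc := range []*base64.Encoding{
		base64.StdEncoding, base64.RawStdEncoding, base64.URLEncoding, base64.RawURLEncoding,
	} {
		if b, err := enc.DecodeString(s); err == nil {
			return len(b)
		}
	}
	return len(s)
}

// checkProductionEnv returns one message per failed checklist item; an empty
// slice means every item passed.
func checkProductionEnv(env map[string]string) []string {
	var problems []string
	if n := secretBytes(env["SESSION_SECRET"]); n < 32 {
		problems = append(problems, fmt.Sprintf("SESSION_SECRET: %d bytes, need at least 32", n))
	}
	if u, err := url.Parse(env["BASE_URL"]); err != nil || u.Scheme != "https" || u.Host == "" {
		problems = append(problems, "BASE_URL: must be an https:// URL")
	}
	switch env["DB_SSLMODE"] {
	case "require", "verify-full":
	default:
		problems = append(problems, "DB_SSLMODE: must be require or verify-full")
	}
	if env["REDIS_PASSWORD"] == "" { // assumed variable name
		problems = append(problems, "REDIS_PASSWORD: not set")
	}
	return problems
}

// envFileIgnored reports whether a .gitignore body has a pattern covering
// .env (exact, rooted or wildcard). A commented-out line does not count.
func envFileIgnored(gitignore string) bool {
	for _, line := range strings.Split(gitignore, "\n") {
		switch strings.TrimSpace(line) {
		case ".env", "/.env", "*.env", ".env*":
			return true
		}
	}
	return false
}

func main() {
	env := map[string]string{}
	for _, kv := range os.Environ() {
		if k, v, ok := strings.Cut(kv, "="); ok {
			env[k] = v
		}
	}
	problems := checkProductionEnv(env)
	if data, err := os.ReadFile(".gitignore"); err != nil || !envFileIgnored(string(data)) {
		problems = append(problems, ".gitignore: no pattern ignores .env")
	}
	for _, p := range problems {
		fmt.Println("FAIL:", p)
	}
	if len(problems) > 0 {
		os.Exit(1)
	}
	fmt.Println("environment checklist passed")
}
```

Run it as the first step of the container entrypoint so a misconfigured deployment fails closed at startup instead of serving with a weak secret or plaintext database connection.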
OAuth
- OAuth callback URLs use HTTPS
- Client secrets are stored securely
- Unused providers are disabled (no credentials = disabled)
Infrastructure
- Containers run with production security settings
- Database is not exposed to the public internet
- Redis is not exposed to the public internet
- TLS termination is configured (reverse proxy or load balancer)
- Regular backups are scheduled
Monitoring
- Health check endpoint is monitored
- Application logs are collected
- Error alerting is configured
- Resource usage is tracked