jfmario/CSCIA591-SecureNotes1

VibeNotes

A secure web application for managing notes, built with Flask and PostgreSQL.

Features

  • User registration and authentication
  • Secure password hashing using Werkzeug
  • Session-based authentication
  • Modern, responsive UI with pure HTML/CSS

Prerequisites

  • Python 3.8 or higher
  • PostgreSQL database
  • pip (Python package manager)

Installation

  1. Clone the repository and change into its directory:
     cd SecureNotes1
  2. Create a virtual environment (recommended):
     python3 -m venv venv
     source venv/bin/activate  # On Windows: venv\Scripts\activate
  3. Install dependencies:
     pip install -r requirements.txt
  4. Set up environment variables (optional):
     cp .env.example .env
     # Edit .env and set your SECRET_KEY
  5. Ensure PostgreSQL is running and the database exists. The application expects these defaults:
     • Host: localhost
     • Port: 5432
     • Username: postgres
     • Password: password
     • Database: securenotes1
  6. Run the application:
     python app.py

The application will be available at http://localhost:5000

Security Features

  • Password Hashing: Passwords are hashed with Werkzeug's password helpers (PBKDF2 with a random per-user salt); only the hash is stored, never the password
  • Session Security:
    • HttpOnly session cookie (client-side scripts cannot read the session cookie, so an XSS bug cannot simply exfiltrate it)
    • Secure flag in production (the cookie is only sent over HTTPS)
    • SameSite cookie attribute (CSRF mitigation)
  • Input Validation: Username and password validation with length and character restrictions
  • SQL Injection Protection: Database access goes through the SQLAlchemy ORM, which issues parameterized queries rather than string-built SQL
  • Timing Attack Prevention: Login and registration return one consistent error message, so the response text does not reveal whether a username exists. To keep response time consistent as well, the password check should run against a dummy hash when the username is unknown; otherwise a fast "no such user" path still leaks existence.
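The example below is added here and is not the project's app.py. It shows the pieces the list above describes in runnable form: the validation rules, a salted PBKDF2 password hash laid out the way Werkzeug's pbkdf2 method stores it, a login that costs one hash computation whether or not the username exists and returns the same error either way, and the Flask cookie settings. The character and length limits, the iteration count and the in-memory users dict are assumptions standing in for the real Users table; the hashing is done with the standard library so the block runs without Flask or Werkzeug installed.

```python
import hashlib
import hmac
import re
import secrets
from typing import Dict, Optional, Tuple

# Added example, not the project's code. Limits and layout below are assumptions.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")  # assumed rule
PASSWORD_MIN, PASSWORD_MAX = 8, 128                 # assumed limits
PBKDF2_ITERATIONS = 600_000                         # Werkzeug's current pbkdf2 default
LOGIN_ERROR = "Invalid username or password"        # one message for every failure


def validate_username(username: str) -> Optional[str]:
    """Return an error string, or None when the username is acceptable."""
    if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
        return "Username must be 3-32 characters: letters, digits or underscore"
    return None


def validate_password(password: str) -> Optional[str]:
    """Length check only; the hash below handles everything else."""
    if not isinstance(password, str) or not PASSWORD_MIN <= len(password) <= PASSWORD_MAX:
        return f"Password must be {PASSWORD_MIN}-{PASSWORD_MAX} characters"
    return None


def hash_password(password: str, salt: Optional[str] = None) -> str:
    """PBKDF2-HMAC-SHA256 with a random per-user salt.

    Output layout mirrors Werkzeug: "pbkdf2:sha256:<iterations>$<salt>$<hex digest>".
    """
    salt = salt or secrets.token_hex(8)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), PBKDF2_ITERATIONS
    ).hex()
    return f"pbkdf2:sha256:{PBKDF2_ITERATIONS}${salt}${digest}"


def verify_password(stored: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        method, salt, digest = stored.split("$", 2)
        algo, hash_name, iterations = method.split(":")
        if algo != "pbkdf2":
            return False
    except ValueError:  # malformed stored value: treat as a failed check
        return False
    candidate = hashlib.pbkdf2_hmac(
        hash_name, password.encode("utf-8"), salt.encode("utf-8"), int(iterations)
    ).hex()
    return hmac.compare_digest(candidate, digest)


# Hash of a throw-away random password. Checking against it when the username
# is unknown means every login attempt costs one PBKDF2 computation.
DUMMY_HASH = hash_password(secrets.token_hex(16))


def login(users: Dict[str, str], username: str, password: str) -> Tuple[bool, Optional[str]]:
    """users maps username -> stored hash (constructed stand-in for the Users table)."""
    stored = users.get(username, DUMMY_HASH)
    password_ok = verify_password(stored, password)  # runs even for unknown users
    if username in users and password_ok:
        return True, None
    return False, LOGIN_ERROR  # same message for wrong user and wrong password


def session_cookie_config(production: bool) -> Dict[str, object]:
    """Flask config keys for the cookie flags listed in the README."""
    return {
        "SESSION_COOKIE_HTTPONLY": True,       # not readable from JavaScript
        "SESSION_COOKIE_SECURE": production,   # HTTPS only once deployed
        "SESSION_COOKIE_SAMESITE": "Lax",      # cross-site POSTs do not carry it
    }


if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery")}  # constructed user
    print(login(users, "alice", "correct horse battery"))
    print(login(users, "alice", "wrong password"))
    print(login(users, "nobody", "correct horse battery"))
    print(session_cookie_config(production=True))
```

The dictionary returned by session_cookie_config is what would go into app.config; with Flask the same flags are set through these exact keys. Because the dummy-hash path and the real path both call hashlib.pbkdf2_hmac with the same iteration count, the unknown-user and wrong-password cases take about the same time, which is the part the consistent error message alone does not give you.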

Production Deployment

Before deploying to production:

  1. Set a strong SECRET_KEY environment variable
  2. Set FLASK_ENV=production to enable secure cookies
  3. Use HTTPS/SSL certificates
  4. Configure a production WSGI server (e.g., Gunicorn)
  5. Set up proper database connection pooling
  6. Enable rate limiting for login/registration endpoints
  7. Set up logging and monitoring
  8. Use environment variables for sensitive configuration

Project Structure

SecureNotes1/
├── app.py                 # Main Flask application
├── requirements.txt       # Python dependencies
├── templates/             # HTML templates
│   ├── base.html
│   ├── login.html
│   ├── register.html
│   └── dashboard.html
├── static/               # Static files
│   └── css/
│       └── style.css
├── .env.example          # Example environment variables
├── .gitignore            # Git ignore file
└── README.md             # This file

Database Schema

Users Table

  • id: Integer (Primary Key)
  • username: String (Unique, Indexed)
  • password_hash: String (Hashed password)
  • created_at: DateTime (Auto-generated)

License

This project is open source and available for personal use.
