February 14, 2022
Improved security measures
We’re currently going through a self-imposed software penetration test to ensure that our app security is solid. As part of that process, we tightened up a number of security measures to ensure that your access to Basedash is secure.
We’re also currently going through a SOC-2 audit. If you’re interested in details this, send us an email at support@basedash.com.
For more details on our app’s security in general, check out our security page here.
Here’s a list of all the changes we implemented.
- Tightened password requirements
- Tightened login attempt lockout policy
- Enforced newer versions of TLS
- Switched from using JWT tokens to session tokens
- Switched from storing authentication tokens in local storage to HTTP-only cookies
- Added invalidation of session tokens on logout
- Changed login form error to show the same message if either email or password is incorrect
- Obscured server version header
- Added HSTS to enforce SSL on recurring uses of the app
- Disabled browser cacheing of HTTP responses
- Prevented framing of app
- Implemented content-sniffing prevention
Other improvements and fixes
- Updated chart colors to avoid similar colors appearing next to each other
- Added local cacheing of home page record counts for improved performance
- Added new empty state on Home page
- Improved performance of joining workspaces through domain-based access