Improved security measures

February 14, 2022

We’re currently going through a self-imposed software penetration test to ensure that our app security is solid. As part of that process, we tightened up a number of security measures to ensure that your access to Basedash is secure.

We’re also currently going through a SOC 2 audit. If you’re interested in the details of this, send us an email at support@basedash.com.

For more details on our app’s security in general, check out our security page.

Here’s a list of all the changes we implemented.

  • Tightened password requirements
  • Tightened login attempt lockout policy
  • Enforced newer versions of TLS
  • Switched from using JWT tokens to session tokens
  • Switched from storing authentication tokens in local storage to HTTP-only cookies
  • Added invalidation of session tokens on logout
  • Changed login form error to show the same message if either email or password is incorrect
  • Obscured server version header
  • Added HSTS to enforce SSL on recurring uses of the app
  • Disabled browser caching of HTTP responses
  • Prevented framing of app
  • Implemented content-sniffing prevention

Other improvements and fixes

  • Updated chart colors to avoid similar colors appearing next to each other
  • Added local caching of home page record counts for improved performance
  • Added new empty state on Home page
  • Improved performance of joining workspaces through domain-based access