inti project
This commit is contained in:
@@ -0,0 +1,15 @@
|
||||
# Security Readiness Review
|
||||
|
||||
Required checks before production rollout:
|
||||
|
||||
- Cross-school access tests pass.
|
||||
- Wrong-role access tests pass.
|
||||
- Payment file access is payment-scoped and authorized.
|
||||
- Bulk communication requires preview and confirmation token.
|
||||
- Report export requires explicit export permission.
|
||||
- Extension routes require `islamic_sunday_school` domain profile.
|
||||
- Sensitive Islamic Sunday School profile fields require explicit permission.
|
||||
- Provider callbacks are signature-verified where applicable.
|
||||
- Risky endpoints have rate limits.
|
||||
|
||||
High-risk extension data includes imam/admin sensitive notes, Qur'an/Arabic/Islamic studies placement details, scholarship/sadaqah support indicators, family/community profile notes, and guardian contact information.
|
||||
Reference in New Issue
Block a user