Security: Maxi2555/tolinofileshare

SECURITY.md

Security Policy

Reporting Security Vulnerabilities

If you discover a security vulnerability in TolinoShare, please email security concerns to the maintainer instead of using the public issue tracker.

Do not publicly disclose the vulnerability until the maintainers have had reasonable time to address it.

Security Features

  • Password Hashing - Passwords are stored using werkzeug's secure hashing
  • Session Security - Flask sessions signed with a strong SECRET_KEY
  • File Validation - Input validation on all file uploads
  • CSRF Protection - Can be enabled in Flask config
  • SQL Injection Prevention - SQLAlchemy ORM parameterizes queries
  • Minimal External Dependencies - Small set of trusted dependencies

Best Practices for Deployment

1. Secret Key Management

  • NEVER use the default change-me-in-production SECRET_KEY
  • Generate a strong random key:
    python3 -c 'import secrets; print(secrets.token_hex(32))'
  • Store in .env file (never commit to git)
  • Rotate periodically

2. HTTPS/TLS

  • Always use HTTPS in production
  • Use Let's Encrypt for free SSL certificates
  • Configure nginx reverse proxy with SSL

3. User Passwords

  • Enforce strong passwords (in registration validation)
  • Consider adding CAPTCHA to registration
  • Rate-limit login attempts

4. File Uploads

  • Validate all uploaded files
  • Check MIME types and file extensions
  • Scan for malicious content if possible
  • Limit file size (currently 100 MB)
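An added example (not code from the TolinoShare project) of the checks this section asks for: extension allowlist, declared MIME type, content sniffing and the 100 MB cap. The EPUB/PDF allowlist and the function names are assumptions for illustration; in Flask, MAX_CONTENT_LENGTH should reject oversized bodies before this function ever sees them.

```python
import io
import os
import zipfile
from typing import Optional, Tuple

# Size cap from the page; the EPUB/PDF allowlist is an assumption for illustration.
MAX_UPLOAD_BYTES = 100 * 1024 * 1024
ALLOWED = {".epub": "application/epub+zip", ".pdf": "application/pdf"}


def sniff_mime(data: bytes) -> Optional[str]:
    """Derive the type from the leading bytes, not from the name the client chose."""
    if data.startswith(b"%PDF-"):
        return "application/pdf"
    if data.startswith(b"PK\x03\x04"):
        # An EPUB is a ZIP whose first entry is a stored 'mimetype' file
        # containing exactly 'application/epub+zip' (OCF container rule).
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                if names and names[0] == "mimetype" and zf.read("mimetype").strip() == b"application/epub+zip":
                    return "application/epub+zip"
        except zipfile.BadZipFile:
            return None
    return None


def validate_upload(filename: str, data: bytes, declared_mime: str) -> Tuple[bool, str]:
    """Accept only when size, name, declared type and real content all agree."""
    if len(data) > MAX_UPLOAD_BYTES:
        return False, "file exceeds the 100 MB limit"
    # Reject anything that is not a bare file name (no directories, no traversal).
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", ".."):
        return False, "filename must not contain path components"
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        return False, f"extension {ext!r} is not allowed"
    if declared_mime != ALLOWED[ext]:
        return False, "declared MIME type does not match the extension"
    if sniff_mime(data) != ALLOWED[ext]:
        return False, "file content does not match the extension"
    return True, "ok"


def make_sample_epub() -> bytes:
    """Build a minimal EPUB-shaped ZIP in memory (constructed sample, not a real book)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("mimetype"), b"application/epub+zip")
        zf.writestr("META-INF/container.xml", "<container/>")
    return buf.getvalue()
```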

5. Database Security

  • Backup regularly
  • Store backups securely (encrypted)
  • Consider PostgreSQL instead of SQLite for production
  • Restrict database file permissions

6. Network Security

  • Use firewall to restrict port access
  • Don't expose port 7847 to the internet without an nginx reverse proxy in front of it
  • Use VPN or private network for sensitive deployments
  • Monitor for suspicious login attempts

7. Docker Security

  • Run the container as a non-root user (the current image does)
  • Regular image updates: docker compose pull && docker compose up -d
  • Don't bind to unnecessary ports
  • Use read-only volumes where possible

8. Access Control

  • Implement IP whitelisting if needed
  • Use reverse proxy authentication (nginx auth_basic)
  • Monitor user activity logs
  • Regular password updates for admin accounts

Dependency Security

Current Dependencies:

  • flask==3.0.3 - Web framework
  • flask-sqlalchemy==3.1.1 - Database ORM
  • werkzeug==3.0.3 - Security & utilities
  • gunicorn==22.0.0 - WSGI server
  • defusedxml==0.7.1 - XML parsing (prevents XXE)

Keep dependencies updated:

pip install --upgrade -r requirements.txt
docker compose down
docker compose build --no-cache
docker compose up -d

Known Limitations

  • SQLite is suitable for < 1000 concurrent users; use PostgreSQL for larger deployments
  • No built-in rate limiting; implement at nginx level
  • No audit logging; consider adding for compliance requirements
  • File storage on local disk; use external storage (S3, NFS) for scalability

Security Checklist for Production

  • SECRET_KEY changed and strong
  • .env file created and added to .gitignore
  • HTTPS/SSL configured with nginx
  • Database backups automated
  • Firewall rules configured
  • Non-root Docker user in use
  • Regular dependency updates scheduled
  • User password policy enforced
  • Login attempt rate limiting configured
  • File upload validation tested

Compliance & Standards

  • No HIPAA compliance - Not suitable for medical data
  • No PCI DSS compliance - Not for payment processing
  • GDPR Ready - Can support data deletion (user library deletion)
  • CCPA Ready - Can support user data export

Version Information

  • Current: v0.8
  • Status: Stable
  • Last Security Review: April 2026

Support

For security questions or concerns:

  • GitHub Issues: For non-sensitive questions
  • Private email: For vulnerability reports

Remember: Security is a shared responsibility. Always stay updated on best practices and keep dependencies current.