encryption

2025-10-02 16:25:31 -04:00
parent 2a6228629a
commit dfa857c131
4 changed files with 25 additions and 7 deletions
--- a/README.md
+++ b/README.md
@@ -172,13 +172,15 @@ The application uses SQLite with the following schema:

 ⚠️ **For Production Use**:

-1. Change the default admin credentials
-2. Implement proper password hashing (bcrypt, argon2, etc.)
-3. Use a strong `AUTH_SECRET` in environment variables
+1. Change the default admin credentials in your `.env` file
+2. ✅ Password hashing is implemented using bcrypt
+3. Use a strong `AUTH_SECRET` in environment variables (generate with `openssl rand -hex 32`)
 4. Enable HTTPS
 5. Consider implementing rate limiting
 6. Add CSRF protection

+**Note**: Passwords are now securely hashed using bcrypt with 10 salt rounds before being stored in the database.
+
 ## Docker Commands

 ```bash