diff --git a/passman-dev/LICENCE b/passman-dev/LICENCE new file mode 100644 index 0000000..7d9c8af --- /dev/null +++ b/passman-dev/LICENCE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2026 Christos Choutouridis + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/passman-dev/Readme.md b/passman-dev/Readme.md new file mode 100644 index 0000000..d378fcd --- /dev/null +++ b/passman-dev/Readme.md 
@@ -0,0 +1,120 @@ +# Password Manager Security Assignment + +## About + +This repository contains an improved and secured version of a simplified web-based password manager. +The project was developed in the context of a university assignment on Aristotle's University of Thessaloniki(AUTh) Information Systems Security class. +The original application intentionally contained multiple security vulnerabilities. +The purpose of this work was to identify, analyze, and mitigate these vulnerabilities using well-established security practices. + +The application is implemented in PHP and uses a MySQL database for data storage. +The deployment is fully containerized using Docker and Docker Compose, ensuring reproducibility and ease of execution across different operating systems. + +--- + +## Architecture Overview + +The application is deployed as a multi-container system. +Each component has a clearly defined role and responsibility. +All services are isolated and communicate only through Docker-managed networks. + +--- + +## Components + +### Web Application (PHP) + +The web service hosts the PHP-based password manager application. +It is responsible for: +- User authentication and session handling +- Secure storage and retrieval of credentials +- Input validation and output sanitization +- Interaction with the database through restricted credentials + +The PHP application runs inside its own container and does not expose any ports directly to the host system. + +--- + +### Database (MySQL) + +The database service provides persistent storage for: +- User accounts +- Stored credentials +- Application data + +Security improvements include: +- Use of a dedicated database user with limited privileges +- Separation of database credentials via environment variables +- Isolation of the database service from direct external access + +--- + +### Reverse Proxy and HTTPS (Caddy) + +Caddy is used as a reverse proxy in front of the web application. 
+It provides: +- Automatic HTTP to HTTPS redirection +- Internal TLS certificate generation +- Secure termination of HTTPS connections +- Optional security-related HTTP headers + +All external access to the application is handled exclusively by Caddy. + +--- + +## Deployment Instructions + +The deployment process is identical for Linux and Windows. +The only requirement is a working Docker installation. + +--- + +## Prerequisites + +- Docker +- Docker Compose (included in modern Docker installations) + +No additional software such as Apache, PHP, or MySQL is required on the host system. + +--- + +## Deployment on Linux + +1. Open a terminal. +2. Navigate to the project directory containing `docker-compose.yml`. +3. Run the following command: + ```bash + docker compose up -d --build + ``` +4. Wait until all containers are built and started. +5. Access the application through your browser using: https://localhost + +## Deployment on Windows + +1. Install Docker Desktop for Windows. +2. Ensure that WSL2 is enabled (Docker Desktop will guide you automatically). +3. Open PowerShell or Command Prompt. +4. Navigate to the project directory containing docker-compose.yml. +5. Run the following command: + ```bash + docker compose up -d --build + ``` +6. Once the containers are running, open a browser and navigate to: https://localhost + +## Notes on Reproducibility + +The use of Docker ensures that: +- The application behaves identically on all supported operating systems +- No manual configuration of web servers or databases is required +- Environment-specific issues are minimized + +This approach allows evaluators to focus on the security aspects of the application rather than deployment complexity. + +## Disclaimer + +This project was developed solely for educational purposes. +It is provided "as is", without any express or implied warranties. 
+The author assumes no responsibility for any misuse, data loss, security incidents, or damages resulting from the use of this software. +This implementation should not be used in production environments. + +All work, modifications, and security improvements are the sole responsibility of the author. \ No newline at end of file
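Review bot: for the `passman-dev/LICENCE` hunk, the file is named `LICENCE` while most hosting platforms and licence-detection tooling look for `LICENSE` (or `LICENSE.md`); consider renaming so the MIT licence is picked up automatically. The licence text itself matches the standard MIT wording.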
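Review bot: for the `passman-dev/Readme.md` hunk, the deployment steps ("Access the application through your browser using: https://localhost") leave out a step that the stated TLS setup requires: with Caddy doing "Internal TLS certificate generation", the certificate is signed by Caddy's own local CA, so the browser will reject or warn on https://localhost unless that root certificate is trusted on the host. Add a sentence under Deployment (or Notes on Reproducibility) telling evaluators to expect the warning or how to trust the local CA. Related documentation gap: the Database section claims "Separation of database credentials via environment variables", but no step says which variables must be set or where they live (for example an `.env` file next to `docker-compose.yml`), so `docker compose up -d --build` on a fresh checkout may fail or run with defaults; list the required variables. Smaller points: "Aristotle's University of Thessaloniki(AUTh)" should read "Aristotle University of Thessaloniki (AUTh)"; the Windows command block is fenced as ```bash although step 3 has the user in PowerShell or Command Prompt (plain ``` or ```powershell would be more accurate); "Optional security-related HTTP headers" would be more useful if it named the headers and whether they are on by default; and the file is missing its trailing newline.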