Security

Security architecture for a local-first desktop application with an embedded database.

Contents

| Document | Description |
| --- | --- |
| Threat Model | Attack vectors and risk assessment for a local-first app |
| Injection Prevention | SQL injection analysis and prevention |
| Content Rendering | XSS prevention when rendering imported content |
| Plugin Sandboxing | Future plugin security architecture |

Security Principles

  1. Parameterized queries always. User data never enters SQL strings directly.
  2. Read-only query path. The query command runs SELECT statements only.
  3. Sanitize rendered content. DOMPurify on all imported/user-generated HTML.
  4. Minimal Rust surface. Less code = less attack surface.