# Password Manager Security Assignment

## About

This repository contains an improved and secured version of a simplified web-based password manager.
The project was developed as a university assignment for the Information Systems Security class at the Aristotle University of Thessaloniki (AUTh).
The original application intentionally contained multiple security vulnerabilities.
The purpose of this work was to identify, analyze, and mitigate these vulnerabilities using well-established security practices.

The application is implemented in PHP and uses a MySQL database for data storage.
The deployment is fully containerized using Docker and Docker Compose, ensuring reproducibility and ease of execution across different operating systems.

## Architecture Overview

The application is deployed as a multi-container system.
Each component has a clearly defined role and responsibility.
All services are isolated and communicate only through Docker-managed networks.

Components:
- Web Application (PHP)
- Database (MySQL)
- Reverse Proxy and HTTPS (Caddy)
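
One way to check the isolation described above against a deployment, as an added example that is not part of the project's code: the script audits the JSON printed by `docker compose config --format json`. The service names (`caddy`, `web`, `db`), the network names and the sample configuration are constructed assumptions, not taken from the project's `docker-compose.yml`.

```python
import json

# Constructed sample in the shape printed by `docker compose config --format json`.
# Service and network names are assumptions, not the project's own compose file.
# The database service deliberately publishes a host port so the audit has a finding.
SAMPLE = json.loads("""
{
  "services": {
    "caddy": {"ports": [{"target": 443, "published": "443", "protocol": "tcp"}],
              "networks": {"frontend": null}},
    "web":   {"networks": {"frontend": null, "backend": null}},
    "db":    {"ports": [{"target": 3306, "published": "3306", "protocol": "tcp"}],
              "networks": {"backend": null}}
  },
  "networks": {"frontend": {}, "backend": {"internal": true}}
}
""")

def audit(config, proxy="caddy", database="db"):
    """Return findings where the layout departs from 'only the proxy is exposed'."""
    findings = []
    services = config.get("services", {})
    networks = config.get("networks", {})
    for name, svc in services.items():
        # Host networking bypasses Docker-managed networks entirely.
        if svc.get("network_mode") == "host":
            findings.append(f"{name}: uses host networking")
        # Only the reverse proxy should publish ports on the host.
        published = [p for p in svc.get("ports", []) if p.get("published")]
        if name != proxy and published:
            ports = ", ".join(str(p["published"]) for p in published)
            findings.append(f"{name}: publishes host port(s) {ports}")
    # The database should not sit on a network the proxy can reach directly,
    # and its networks should be marked internal (no route outside Docker).
    db_nets = set(services.get(database, {}).get("networks") or {})
    proxy_nets = set(services.get(proxy, {}).get("networks") or {})
    for net in sorted(db_nets & proxy_nets):
        findings.append(f"{database}: shares network '{net}' with {proxy}")
    for net in sorted(db_nets):
        if not (networks.get(net) or {}).get("internal"):
            findings.append(f"{database}: network '{net}' is not marked internal")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

To audit a real deployment, load the output of `docker compose config --format json` with `json.load` and pass the result to `audit`.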

## Deployment Instructions

The deployment process is identical for Linux and Windows.
The only requirement is a working Docker installation.

### Prerequisites

- Docker
- Docker Compose (included in modern Docker installations)

No additional software such as Apache, PHP, or MySQL is required on the host system.

### Deployment on Linux

1. Open a terminal.
2. Navigate to the project directory containing `docker-compose.yml`.
3. Run the following command:
```bash
docker compose up -d --build
```
4. Wait until all containers are built and started.
5. Access the application through your browser using: https://localhost

### Deployment on Windows

1. Install Docker Desktop for Windows.
2. Ensure that WSL2 is enabled (Docker Desktop will guide you automatically).
3. Open PowerShell or Command Prompt.
4. Navigate to the project directory containing `docker-compose.yml`.
5. Run the following command:
```bash
docker compose up -d --build
```
6. Once the containers are running, open a browser and navigate to: https://localhost

### Notes on Reproducibility

The use of Docker ensures that:
- The application behaves identically on all supported operating systems
- No manual configuration of web servers or databases is required
- Environment-specific issues are minimized

This approach allows evaluators to focus on the security aspects of the application rather than deployment complexity.

## Disclaimer

This project was developed solely for educational purposes.
It is provided "as is", without any express or implied warranties.
The author assumes no responsibility for any misuse, data loss, security incidents, or damages resulting from the use of this software.
This implementation should not be used in production environments.

All work, modifications, and security improvements are the sole responsibility of the author.