Harden Project 01 public endpoints

This commit is contained in:
Andrie
2026-06-11 23:15:42 +07:00
parent a90748d9c1
commit 6f4488c1b8
39 changed files with 1183 additions and 612 deletions
+12
View File
@@ -82,3 +82,15 @@ http://localhost/webgis/01/
- Google Fonts
Dependensi frontend dimuat dari CDN, sehingga demo membutuhkan koneksi internet.
## Public Deployment Hardening
Before exposing `01/` publicly:
- Rotate the seeded admin password.
- Keep public users read-only.
- Confirm anonymous POST requests to `api/point`, `api/jalan`, `api/parsil`, and `api/choropleth` return `403`.
- Confirm `/01/setup_database.sql`, `/01/tests/`, `/01/docs/`, and dotfiles are not reachable by browser.
- Use a database user with limited app privileges in production.
Production database note: create a MariaDB user with privileges only on `db_webgis_01` and configure `APP_DB_USER` / `APP_DB_PASSWORD`. Do not run the public app with the root database user after initial setup.