front end

• functions/modules/federation/module.js
• functions/modules/federation/module.css
• everywhere that exists a <?php echo $_SESSION['empireId']> instead you should write getEmpireId()
  • this also applies to other session variables

back end

• endpoint protection

  • sanitization
  • validation
    • is going to take the most work
    • will require us to define the data type of all inputs for every primary operation, and then, at the start of each operation, validate the input data against the data type we have defined.
    • if validation fails at any point, simply reject the request.
    • $someString = "INSERT " . $someNumberThatIsActuallyAstring . " INTO empire";

• tech debt

  • docker

• apparmor

docker

https://i.imgur.com/boqKGix.png
for sharing filesystems between containers.
ex: share database /var/lib/mysql folders between db instances
ex: no need to change application code file pathing. just continue to read from /media and the container takes care of linking that folder to a volume that is on s3

securing sessions

• use redis (or mysql) session storage system
• instead of using empire id on the front end, we should be hashing the empire id and the source ip address and using that as a lookup.
• for sensitive operations, we can confirm that the empire that we are looking for is indeed using the correct token by hashing the empireID in session storage with the requesting ip and comparing that to the session id for a give requeust.