1
0
Commit Graph

2 Commits

Author SHA1 Message Date
fs
2b9ed78efd fix(security): harden production PHP configuration
- expose_php=Off — hide PHP version from response headers
- allow_url_include=Off — prevent remote file inclusion
- open_basedir=/var/www:/tmp — restrict filesystem access
- disable_functions — block shell execution functions not used by the app
- Session hardening: strict_mode, httponly, secure, samesite=Lax,
  use_only_cookies, 48-char session IDs with 6 bits/char

Note: allow_url_fopen left On (required by PHPMailer for SMTP streams).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 19:55:11 +01:00
fs
25370a1a55 add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00