Security Features Demo

  1. Password Hashing with Salt (PBKDF2)
    Go to Add User Page
    2. > Create a user and verify hashed password + salt in DB.
  2. Session Timeout (5 minutes)
    Go to Login Page
    3. > Log in, stay idle for 5 mins, session will expire automatically.
  3. HttpOnly and Secure Cookies
    Log in
    4. > Check that cookies are marked `HttpOnly` and sent only on HTTPS.
  4. SQL Injection Protection
    Go to Login Page
    5. > → Try inputting `' OR '1'='1` ~ system blocks it.
  5. Audit Logging for Login Attempts
    Go to Login Page
    6. > Check your DB table (LoginAudit or similar) after login.
  6. Role-Based Access Control Foundation
    Go to Login Page
    7. > Use different role accounts (admin/user) ~ redirect varies.
  7. Username Uniqueness & User Validity
    Go to Add User Page
    8. > Try registering with an existing username → gets rejected.