| --- | |
| description: | |
| globs: | |
| alwaysApply: true | |
| --- | |
| # Security Guidelines | |
| This document outlines the security practices and guidelines for the AI-powered database interface. | |
| ## API Key Management | |
| ### Secure Storage | |
| - API keys are stored in environment variables | |
| - Use of `.env` files for local development | |
| - Secure handling of API keys in production | |
| - Regular rotation of API keys | |
| ### Access Control | |
| - Read-only database operations | |
| - No destructive SQL operations | |
| - Secure database URL management | |
| - User authentication and authorization | |
| ## Best Practices | |
| ### Data Security | |
| - Encrypt sensitive data | |
| - Use secure connections for database access | |
| - Implement proper error handling to avoid information leakage | |
| - Regular security audits and updates | |
| ### Code Security | |
| - Avoid hardcoding sensitive information | |
| - Use secure coding practices | |
| - Regular code reviews for security vulnerabilities | |
| - Implement logging and monitoring for suspicious activities | |
| ## Error Handling | |
| ### Security Issues | |
| - Unauthorized access attempts | |
| - API key exposure | |
| - Database connection breaches | |
| - Resource misuse | |
| ### Recovery Strategies | |
| - Immediate revocation of compromised keys | |
| - Logging of security incidents | |
| - User notification of security breaches | |
| - Regular security training and updates | |
| ## Monitoring | |
| ### Security Logging | |
| - Access logs | |
| - Error logs | |
| - Security incident logs | |
| - Resource usage logs | |
| ### Incident Response | |
| - Immediate action on security incidents | |
| - Regular incident response drills | |
| - User communication during incidents | |
| - Post-incident analysis and learning | |