Upgrading Our Frameworks
OFN is built upon two frameworks: Ruby on Rails and Spree Commerce. Each of these continually releases security updates. Open Food Network is a number of releases behind on each of these, so some work is required to upgrade our system. This work will allow us to leverage the security improvements made by each of these platforms. These upgrades are currently in progress.
Once OFN is running the most recent versions of these frameworks, I propose a security audit of the system. This could look broadly at two areas:
- A penetration test to search for security issues through which an attacker could gain access to the system.
- A review of OFN’s access control system, to ensure that no user can access data in the site that they’re not permitted to.
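As an added illustration of what the access control review would look for (example code written for this issue, not OFN's own code), the classic failure is a controller that looks a record up by the client-supplied id alone, so any logged-in user who guesses an id gets someone else's data. The hardened form scopes the lookup to what the current user may manage. `Order`, `User`, `ORDERS` and the `managed_enterprise_ids` field are hypothetical in-memory stand-ins for Rails models, constructed here so the snippet runs without a database.

```ruby
# Added example for this issue: the lookup pattern an access-control review hunts for.
# Plain Ruby stand-in for a Rails controller; Order, User and ORDERS are
# constructed in-memory records, not OFN's models.

Order = Struct.new(:id, :distributor_id)
User  = Struct.new(:id, :managed_enterprise_ids)

# Constructed sample data: two orders belonging to two different distributors.
ORDERS = [
  Order.new(1, 10),
  Order.new(2, 20),
].freeze

class NotAuthorized < StandardError; end

# Vulnerable pattern: the record is fetched by the client-supplied id alone,
# so any authenticated user who guesses an id receives the record.
def find_order_unscoped(params)
  ORDERS.find { |o| o.id == params[:id] }
end

# Hardened pattern: the lookup is scoped to the enterprises the current user
# manages, so an id outside that scope behaves exactly like a missing id.
def find_order_scoped(current_user, params)
  visible = ORDERS.select { |o| current_user.managed_enterprise_ids.include?(o.distributor_id) }
  visible.find { |o| o.id == params[:id] } or raise NotAuthorized
end

# Review helper: for every user/order pair, confirm the scoped lookup never
# hands back a record the user does not manage. Returns the list of leaks.
def audit_scoping(users)
  users.each_with_object([]) do |u, leaks|
    ORDERS.each do |o|
      begin
        got = find_order_scoped(u, id: o.id)
        leaks << [u.id, o.id] unless u.managed_enterprise_ids.include?(got.distributor_id)
      rescue NotAuthorized
        # expected whenever the user does not manage o.distributor_id
      end
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  alice = User.new(1, [10])
  puts "unscoped lookup leaks distributor #{find_order_unscoped(id: 2).distributor_id}"
  begin
    find_order_scoped(alice, id: 2)
  rescue NotAuthorized
    puts "scoped lookup correctly refused order 2 for user 1"
  end
  puts "audit leaks: #{audit_scoping([alice, User.new(2, [20])]).inspect}"
end
```

In a real Rails app the scoped version is usually expressed as `current_user.orders.find(params[:id])` or through an authorization library, and the review would check that every controller action reaching customer, order or enterprise data goes through such a scope rather than a bare `Model.find`.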
As well as securing the site against attack, we want to ensure that it remains available at all times. This will be addressed through the provision of redundant servers, so that the site will continue to run if any server has an issue (see the infrastructure estimate). Additionally, we will store regular database backups in multiple locations so that the site can be recovered in the case of an emergency.
Ping @pmackay - I believe you were interested in this?