Trust & Safety

Security

We take the security of your data seriously. Here's an overview of the technical and operational measures we have in place to keep your account and data safe.

Password Hashing

Passwords are hashed using SHA-256 with a server-side salt. Plain-text passwords are never stored or logged anywhere in the system.

Session Tokens

Authentication is handled via cryptographically random 64-character session tokens stored in secure HTTP-only cookies.

Encrypted Transport

All data between your browser and our servers is transmitted over HTTPS/TLS. Unencrypted HTTP connections are rejected.

Minimal Data Exposure

Password fields are never returned in API responses. Public APIs only expose the fields strictly necessary for the UI.

Role-Based Access Control

Every API route verifies the authenticated user's role before processing. Student data is only visible to authorized colleges and recruiters.

Input Validation

All user input is validated server-side. Database queries use parameterized operations to prevent injection attacks.

Found a Vulnerability?

We welcome responsible disclosure. If you discover a security issue, please report it privately to us before making it public. We commit to acknowledging reports within 48 hours and resolving valid issues within 14 days.

Report a vulnerability → security@CodeHiring.io