Security isn't an afterthought; it is built directly into the architecture of Confess.me. Here is a technical overview of how we protect the platform and its users.
All user passwords are hashed with bcrypt (the PASSWORD_BCRYPT algorithm) before they ever touch our database. Plain-text passwords are never stored or logged.
The platform is hosted on a secure TiDB Serverless cluster. Every database query uses PDO prepared statements, so user-supplied values are bound as parameters and never spliced into the query text; the database engine treats them strictly as data, which prevents SQL injection.
To protect users from malicious scripts, all incoming confessions pass through strict server-side validation. HTML entities are encoded and potentially dangerous tags are stripped, preventing Cross-Site Scripting (XSS).
All traffic between the client, our Render-hosted application server, and our database is encrypted in transit with TLS.
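The controls described above (bcrypt password hashing, PDO prepared statements, output encoding, and TLS to the database), shown together in PHP as an added example. This is not Confess.me's own code; the DSN, credentials, CA path and the `users`/`confessions` table layouts are placeholders assumed for illustration.

```php
<?php
// Added example, not the platform's code. Assumes tables users(username, password_hash)
// and confessions(body); connection details below are placeholders.
declare(strict_types=1);

$pdo = new PDO(
    'mysql:host=DB_HOST_PLACEHOLDER;dbname=confess;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASSWORD_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,               // real server-side prepares
        PDO::MYSQL_ATTR_SSL_CA     => '/path/to/ca.pem',   // placeholder: TLS to the database
    ]
);

// Passwords: bcrypt on the way in, constant-time verify on the way out.
function registerUser(PDO $pdo, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 12]); // plain text never stored
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function checkLogin(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['password_hash']);
}

// Confessions: validated and bound as a parameter on input, entity-encoded on output.
function storeConfession(PDO $pdo, string $body): void
{
    $body = trim(strip_tags($body));                      // drop tags before storage
    if ($body === '' || mb_strlen($body) > 2000) {
        throw new InvalidArgumentException('confession must be 1-2000 characters');
    }
    $stmt = $pdo->prepare('INSERT INTO confessions (body) VALUES (:b)');
    $stmt->execute([':b' => $body]);                      // text is data, never SQL
}

function renderConfession(string $body): string
{
    // Encoding at output time is the control that actually stops XSS in an HTML text context.
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}
```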