Enterprise-Grade Security
Schedexa is built with security at its core. Every layer of the application is hardened against common web vulnerabilities.
Security Features
- CSRF Protection — Every form and AJAX request is CSRF-token validated
- XSS Prevention — All output is escaped; no raw HTML injection
- SQL Injection Protection — 100% Eloquent ORM with parameterised queries
- IDOR Protection — Every request is scoped to the authenticated user's own records
- RBAC — Superadmin → Admin → Staff → Client hierarchy with Laravel Policies
- Security Headers — X-Frame-Options, X-Content-Type-Options, HSTS
- Rate Limiting — Login, registration, and booking routes are throttled
- Audit Logs — All sensitive admin actions logged with timestamp and IP address
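As an added illustration of how the IDOR and RBAC bullets above fit together in Laravel (this is example code, not Schedexa's own), a single Policy can encode both the ownership check and the Superadmin → Admin → Staff → Client hierarchy. It assumes a hypothetical `Booking` model with a `user_id` owner column and a `users.role` string column; Laravel auto-discovers `App\Policies\BookingPolicy` for `App\Models\Booking`.

```php
<?php
// Added example (not Schedexa's code). Assumes a hypothetical `bookings.user_id`
// owner column and a `users.role` column holding one of the four role names.

namespace App\Policies;

use App\Models\Booking;
use App\Models\User;
use Illuminate\Auth\Access\Response;

class BookingPolicy
{
    // Higher ranks inherit the permissions of lower ranks.
    private const RANK = ['client' => 0, 'staff' => 1, 'admin' => 2, 'superadmin' => 3];

    private function atLeast(User $user, string $role): bool
    {
        // Unknown or missing roles rank below 'client', so they are always denied.
        return (self::RANK[$user->role] ?? -1) >= self::RANK[$role];
    }

    // IDOR guard: clients may only read a booking they own; staff and above may
    // read any booking. The ownership test is the only path open to clients.
    public function view(User $user, Booking $booking): Response
    {
        if ($this->atLeast($user, 'staff') || $booking->user_id === $user->id) {
            return Response::allow();
        }
        return Response::deny('You may only view your own bookings.');
    }

    // Cancelling someone else's booking requires admin or superadmin.
    public function cancel(User $user, Booking $booking): bool
    {
        return $this->atLeast($user, 'admin') || $booking->user_id === $user->id;
    }
}

// In a controller, enforce the policy before touching the record:
//     $this->authorize('view', $booking);
// and keep list endpoints scoped to the caller rather than filtering client-side:
//     Booking::whereBelongsTo($request->user())->get();
```

Because the check runs server-side on the loaded model, changing the booking id in the URL yields a 403 rather than another client's record, which is the behaviour the IDOR bullet describes.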