Security

Last updated: 21 May 2026

Prasar Money includes basic security controls suitable for a simple money manager.

Current protections

• Passwords are stored using secure password hashing, not plain text.
• Account sessions use HTTP-only cookies.
• API routes require authentication for private income and expense data.
• Expense input is validated on both frontend and backend.
• Security headers are included through server configuration where supported.

Recommended hosting setup

• Use HTTPS on the live domain.
• Keep database credentials private.
• Keep file permissions safe: files 644, folders 755.
• Back up the database regularly.

Report an issue

If you find a security issue, contact the website owner with clear steps to reproduce it.