Account Protection
Passwords are stored as Werkzeug password hashes, never as plain text.
Security
ClearLedger uses server-rendered pages, session authentication, password hashing, and CSRF protection for state-changing actions.
Every POST form includes a per-session CSRF token that is validated before changes are saved.
Queries for controls and evidence are always filtered by the logged-in user before a record is viewed, edited, or deleted.
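A sketch of the CSRF validation and user-scoped queries described above, as an added example rather than ClearLedger's own code. The `controls` table, the `owner_id` column, the dict-based session, and all function names are assumptions; only the Python standard library is used.

```python
import hmac
import secrets
import sqlite3

def make_db():
    # Constructed schema and rows; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE controls (id INTEGER PRIMARY KEY, "
               "owner_id INTEGER NOT NULL, title TEXT NOT NULL)")
    db.executemany("INSERT INTO controls (id, owner_id, title) VALUES (?, ?, ?)",
                   [(1, 10, "Access review"), (2, 20, "Backup test")])
    return db

def new_session(user_id):
    # One CSRF token per session, generated when the session is created.
    return {"user_id": user_id, "csrf_token": secrets.token_urlsafe(32)}

def csrf_ok(session, submitted):
    expected = session.get("csrf_token")
    if not expected or not isinstance(submitted, str):
        return False
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(expected.encode(), submitted.encode())

def get_owned_control(db, session, control_id):
    # Ownership is part of the WHERE clause, so another user's row is
    # indistinguishable from a missing one.
    return db.execute(
        "SELECT id, title FROM controls WHERE id = ? AND owner_id = ?",
        (control_id, session["user_id"])).fetchone()

def delete_control(db, session, form):
    """Return an HTTP-style status code for a POST delete request."""
    if not csrf_ok(session, form.get("csrf_token")):
        return 400  # reject before touching the database
    cur = db.execute(
        "DELETE FROM controls WHERE id = ? AND owner_id = ?",
        (form.get("control_id"), session["user_id"]))
    db.commit()
    return 204 if cur.rowcount == 1 else 404
```

Putting the owner filter in the `DELETE` statement itself, rather than checking ownership in a separate earlier query, keeps the check and the change atomic.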