Security Aider Conventions
Aider conventions for security: secure coding patterns, vulnerability prevention, and security review checklist.
CONVENTIONS.md
- Validate all inputs with strict allow-lists; reject anything that does not match
- Use parameterized queries or an ORM for all database access; never build SQL by string concatenation
- Hash passwords with argon2id (recommended) or bcrypt with a cost factor >= 12
- Generate cryptographic tokens with crypto.randomBytes (Node) or the secrets module (Python), never Math.random or random
- Set secure cookie attributes: Secure, HttpOnly, SameSite=Strict (SameSite=Lax only where a top-level cross-site navigation into the app must keep the session)
- Implement CSRF protection on all state-changing form endpoints
- Use timing-safe comparison (crypto.timingSafeEqual, hmac.compare_digest) for all secret and token equality checks; never == or ===
- Rotate signing secrets without downtime using key versioning: sign with the current key, keep verifying with retired-but-still-valid versions, then drop them
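The following is an added worked example, not part of the conventions page or of Aider itself, showing what code that follows these rules looks like using only the Python standard library. It covers allow-list validation, parameterized queries, CSPRNG tokens with timing-safe comparison, and key-versioned HMAC signing with rotation. The username pattern, the `users` table, and the `v<n>.<payload-hex>.<mac>` token layout are assumptions chosen for the demo; argon2id hashing and cookie attributes depend on a password-hashing library and a web framework and are not shown.

```python
"""Added example (not the page's or Aider's code): four of the conventions
above implemented with the Python standard library only."""
import hashlib
import hmac
import re
import secrets
import sqlite3
from typing import Dict, Optional

# 1. Allow-list validation: one pattern describes what is acceptable;
#    everything else is rejected. (Pattern is an assumption for the demo.)
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def is_valid_username(value: str) -> bool:
    # fullmatch, not search: the whole string must fit the allow-list.
    return USERNAME_RE.fullmatch(value) is not None


def validate_username(value: str) -> str:
    if not is_valid_username(value):
        raise ValueError("invalid username")
    return value


# 2. Parameterized query: the driver binds the value as data, so a payload
#    such as "' OR '1'='1" is looked up literally and never parsed as SQL.
def setup_db() -> sqlite3.Connection:
    # Constructed in-memory sample data for the demo.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)")
    conn.executemany("INSERT INTO users (username) VALUES (?)", [("alice",), ("bob",)])
    return conn


def find_user(conn: sqlite3.Connection, username: str):
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchone()


# 3. Tokens from the OS CSPRNG, compared without leaking how many leading
#    characters matched.
def new_session_token() -> str:
    return secrets.token_urlsafe(32)  # 256 bits of entropy


def tokens_match(presented: str, stored: str) -> bool:
    return hmac.compare_digest(presented.encode(), stored.encode())


# 4. Key-versioned HMAC signing. New signatures always use the current key;
#    verification accepts any version still in the key table, so a rotation
#    is: add a new version, wait for old tokens to expire, retire the old key.
class VersionedSigner:
    def __init__(self, keys: Dict[int, bytes], current: int):
        self.keys = dict(keys)
        self.current = current

    def rotate(self, new_key: bytes) -> int:
        self.current += 1
        self.keys[self.current] = new_key
        return self.current

    def retire(self, version: int) -> None:
        if version == self.current:
            raise ValueError("cannot retire the current signing key")
        del self.keys[version]

    def sign(self, payload: bytes) -> str:
        mac = hmac.new(self.keys[self.current], payload, hashlib.sha256).hexdigest()
        return f"v{self.current}.{payload.hex()}.{mac}"

    def verify(self, token: str) -> Optional[bytes]:
        """Return the payload if the token verifies under a known key, else None."""
        try:
            ver, payload_hex, mac = token.split(".")
            if not ver.startswith("v"):
                return None
            version = int(ver[1:])
            payload = bytes.fromhex(payload_hex)
        except ValueError:
            return None
        key = self.keys.get(version)
        if key is None:  # unknown or retired version
            return None
        expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, mac):  # timing-safe
            return None
        return payload
```

The signer is the piece worth copying: callers never see key material, tokens carry their key version, and `retire()` refuses to remove the key that is still producing signatures, which is the mistake that turns a rotation into an outage.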
How to use with Aider
Create a `CONVENTIONS.md` file in your project root and load it into the chat as a read-only file, either on the command line with `aider --read CONVENTIONS.md` or permanently via `read: CONVENTIONS.md` in `.aider.conf.yml`. Aider then keeps the file in context and follows these rules when generating changes; marking it read-only stops Aider from editing the conventions themselves.
#security #aider #auth #secure-coding #coding-rules
Related Rules
- Python Aider Conventions (Code Style): Aider AI coding conventions for Python: CONVENTIONS.md patterns for automated refactoring and clean Python code.
- Next.js Aider Conventions (Architecture): Aider conventions for Next.js: file naming, route organization, and App Router conventions.
- SQL Aider Conventions (Database): Aider conventions for SQL and database migrations: naming, formatting, and migration patterns.
- Testing Aider Conventions (Testing): Aider conventions for tests: structure, naming, and testing philosophy for maintainable test suites.