LibreBooking is used to reserve shared resources and facilities. Hardening should focus on role boundaries, SSO/OAuth trust settings, and secure session handling for booking workflows.
1) Enforce role and reservation boundaries
- Restrict global admins and resource managers to required staff.
- Review who can create/edit resources and approval workflows.
- Disable unused public booking visibility options.
- Audit permission changes and reservation overrides.
2) Secure authentication and federation settings
- Use SAML/OAuth integrations with strict issuer/client settings.
- Keep auth secrets outside source-controlled config files.
- Enforce HTTPS and secure cookies for all user sessions.
- Rotate integration credentials after admin changes.
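
One way to verify the HTTPS and secure-cookie item above from response headers. This is an added example, not LibreBooking's own code: the function names, the `PHPSESSID` cookie name and the sample headers are constructed for illustration, and the HSTS check is included as a standard way to enforce HTTPS.

```python
# Added example: audit response headers for HTTPS enforcement and cookie flags.
# The header samples below are constructed, not captured from a LibreBooking instance.

def parse_set_cookie(value):
    """Return (cookie_name, {lowercased_attribute: value}) for one Set-Cookie header."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def audit_https_response(headers):
    """headers: list of (name, value) tuples from a response served over HTTPS."""
    findings = []
    if not any(k.lower() == "strict-transport-security" for k, _ in headers):
        findings.append("missing Strict-Transport-Security")
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(v)
        if "secure" not in attrs:
            findings.append(f"{name}: no Secure flag")
        if "httponly" not in attrs:
            findings.append(f"{name}: no HttpOnly flag")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"{name}: SameSite not Lax/Strict")
    return findings

def audit_http_response(status, headers):
    """Plain-HTTP response: must redirect to https:// and must not set cookies."""
    findings = []
    location = next((v for k, v in headers if k.lower() == "location"), "")
    if status not in (301, 302, 307, 308) or not location.lower().startswith("https://"):
        findings.append("plain HTTP is not redirected to HTTPS")
    if any(k.lower() == "set-cookie" for k, _ in headers):
        findings.append("cookie issued over plain HTTP")
    return findings

# Constructed samples: a weak and a hardened HTTPS response.
WEAK = [("Set-Cookie", "PHPSESSID=abc123; path=/")]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "PHPSESSID=abc123; path=/; Secure; HttpOnly; SameSite=Lax"),
]

if __name__ == "__main__":
    print(audit_https_response(WEAK))
    print(audit_https_response(HARDENED))
```

Feed it the headers from a login response on your own deployment; an empty list means every session cookie carries the expected flags.
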
3) Protect data and service infrastructure
- Keep database and internal services on private network segments.
- Encrypt backups containing reservation and user data.
- Patch LibreBooking to supported versions only.
- Monitor login anomalies and unexpected reservation spikes.
- LibreBooking documentation: https://librebooking.readthedocs.io/
- LibreBooking source repository: https://github.com/LibreBooking/librebooking
- LibreBooking security policy: https://github.com/LibreBooking/librebooking/security
- LibreBooking Docker: https://github.com/LibreBooking/docker