Security
========

Pain001 applies several security controls relevant to payment processing:

* Path validation constrains template, schema, and data files to approved
  directories.
* XML parsing uses ``defusedxml`` protections.
* Template rendering uses a Jinja2 sandbox for XML generation and rejects
  filesystem directives such as ``include`` and ``extends``.
* Validation APIs reject paths that escape the working directory or temporary
  directories.
* Structured logging redacts common payment identifiers, and row-validation
  failures avoid printing raw IBAN/BIC values.

Operational notes:

* Keep templates and schemas under source control.
* Prefer the built-in validation and migration commands over ad hoc scripts.
* For large-file processing, use streaming mode to reduce memory pressure
  without widening file access.
* The library currently does not implement XML digital signatures, encryption,
  or certificate validation; those concerns remain external integration
  responsibilities.
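
The path-validation controls listed above reject paths that escape approved directories. The following is an added example, not Pain001's own code, of one way to write such a check with the standard library; ``resolve_within``, ``PathNotAllowed`` and the sample directory layout are hypothetical and constructed for illustration, and the demo assumes a platform where symlinks can be created.

```python
import os
import tempfile
from pathlib import Path


class PathNotAllowed(ValueError):
    """Raised when a path resolves outside every approved directory."""


def resolve_within(candidate, allowed_roots):
    """Return the resolved path if it lies inside one of allowed_roots."""
    # Resolve first, so ".." segments and symlinks are judged by where they
    # actually point rather than by how the string looks.
    resolved = Path(candidate).resolve()
    for root in allowed_roots:
        root = Path(root).resolve()
        # Comparing against .parents works on whole path components, so
        # "/base/work-evil" is not mistaken for a child of "/base/work".
        if resolved == root or root in resolved.parents:
            return resolved
    raise PathNotAllowed(f"{candidate!r} is outside the approved directories")


def demo():
    """Check constructed sample paths against one approved directory."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        work = Path(base, "work")
        sibling = Path(base, "work-evil")  # shares a string prefix with work
        (work / "templates").mkdir(parents=True)
        sibling.mkdir()
        os.symlink(sibling, work / "link")  # symlink leading out of work
        samples = {
            "inside": work / "templates" / "template.xml",
            "traversal": work / "templates" / ".." / ".." / "payments.csv",
            "prefix": sibling / "payments.csv",
            "symlink": work / "link" / "payments.csv",
        }
        for name, path in samples.items():
            try:
                resolve_within(path, [work])
                results[name] = True
            except PathNotAllowed:
                results[name] = False
    return results


if __name__ == "__main__":
    print(demo())
```

A caller should open the path that ``resolve_within`` returns rather than the original string, so the file that was checked is the file that is read.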