dealspace

Commit Graph

Author	SHA1	Message	Date
James	bfade7a86f	chore: auto-commit uncommitted changes	2026-03-16 00:01:27 -04:00
James	03b75e8a7b	Security audit 2026-02-28: fix critical/high findings CRITICAL fixes: - OTP code comparison now uses constant-time compare (timing attack) - Backdoor code comparison now uses constant-time compare (timing attack) HIGH fixes: - CORS policy restricted to allowlist (was wildcard *) - Added security headers middleware (X-Frame-Options, X-Content-Type-Options, CSP, etc.) See docs/SECURITY-AUDIT-2026-02-28.md for full audit report including 4 MEDIUM and 3 LOW/INFO findings documented for future work.	2026-02-28 07:17:06 -05:00
James	44dde159f6	Add ops: systemd service, deploy scripts, backup, healthcheck, README	2026-02-28 05:38:02 -05:00

Author

SHA1

Message

Date

James

bfade7a86f

chore: auto-commit uncommitted changes

2026-03-16 00:01:27 -04:00

James

03b75e8a7b

Security audit 2026-02-28: fix critical/high findings

CRITICAL fixes:
- OTP code comparison now uses constant-time compare (timing attack)
- Backdoor code comparison now uses constant-time compare (timing attack)

HIGH fixes:
- CORS policy restricted to allowlist (was wildcard *)
- Added security headers middleware (X-Frame-Options, X-Content-Type-Options, CSP, etc.)

See docs/SECURITY-AUDIT-2026-02-28.md for full audit report including
4 MEDIUM and 3 LOW/INFO findings documented for future work.

2026-02-28 07:17:06 -05:00

James

44dde159f6

Add ops: systemd service, deploy scripts, backup, healthcheck, README

2026-02-28 05:38:02 -05:00

3 Commits