dealspace

History

James 03b75e8a7b Security audit 2026-02-28: fix critical/high findings CRITICAL fixes: - OTP code comparison now uses constant-time compare (timing attack) - Backdoor code comparison now uses constant-time compare (timing attack) HIGH fixes: - CORS policy restricted to allowlist (was wildcard *) - Added security headers middleware (X-Frame-Options, X-Content-Type-Options, CSP, etc.) See docs/SECURITY-AUDIT-2026-02-28.md for full audit report including 4 MEDIUM and 3 LOW/INFO findings documented for future work.	2026-02-28 07:17:06 -05:00
..
soc2	Add ops: systemd service, deploy scripts, backup, healthcheck, README	2026-02-28 05:38:02 -05:00
SECURITY-AUDIT-2026-02-28.md	Security audit 2026-02-28: fix critical/high findings	2026-02-28 07:17:06 -05:00

James 03b75e8a7b Security audit 2026-02-28: fix critical/high findings

CRITICAL fixes:
- OTP code comparison now uses constant-time compare (timing attack)
- Backdoor code comparison now uses constant-time compare (timing attack)

HIGH fixes:
- CORS policy restricted to allowlist (was wildcard *)
- Added security headers middleware (X-Frame-Options, X-Content-Type-Options, CSP, etc.)

See docs/SECURITY-AUDIT-2026-02-28.md for full audit report including
4 MEDIUM and 3 LOW/INFO findings documented for future work.

2026-02-28 07:17:06 -05:00

soc2

Add ops: systemd service, deploy scripts, backup, healthcheck, README

2026-02-28 05:38:02 -05:00

SECURITY-AUDIT-2026-02-28.md

Security audit 2026-02-28: fix critical/high findings

2026-02-28 07:17:06 -05:00