Hamza-Ayed
|
97ff911751
|
Update: 2026-05-06 01:38:39
|
2026-05-06 01:38:39 +03:00 |
|
Hamza-Ayed
|
87809ac893
|
Update: 2026-05-03 22:51:59
|
2026-05-03 22:51:59 +03:00 |
|
Hamza-Ayed
|
6d2c61497c
|
Update: 2026-05-03 22:38:30
|
2026-05-03 22:38:30 +03:00 |
|
Hamza-Ayed
|
ab9625839e
|
Update: 2026-05-03 22:15:40
|
2026-05-03 22:15:40 +03:00 |
|
Hamza-Ayed
|
089a2b76c0
|
Update: 2026-05-03 21:58:11
|
2026-05-03 21:58:11 +03:00 |
|
Hamza-Ayed
|
214d96ee8d
|
Security Hardening: Phase 1-3 complete
- C1: Hash refresh tokens before DB storage (sha256)
- C2: Remove JWT_SECRET fallback, fail hard if missing
- H1: Enforce HTTP methods per route (405 on mismatch)
- H2: CORS with origin whitelist from CORS_ORIGIN env var
- H3: Redact sensitive fields (tokens, passwords) from logs
- M1: Build HmacMiddleware with replay attack prevention
- M2: Fix rate limiter race condition with flock LOCK_EX
- M3: Guard dd() — suppressed in production
- M4: Remove .env from git tracking, strengthen .gitignore
- I1: Add HSTS header (max-age=31536000)
|
2026-05-03 21:06:17 +03:00 |
|
Hamza-Ayed
|
8af74f0621
|
Update: 2026-05-03 20:51:50
|
2026-05-03 20:51:50 +03:00 |
|
Hamza-Ayed
|
bc35319f3c
|
Update: 2026-05-03 20:45:16
|
2026-05-03 20:45:16 +03:00 |
|
Hamza-Ayed
|
4b40b1185f
|
Update: 2026-05-03 17:32:57
|
2026-05-03 17:32:57 +03:00 |
|