Security: Backend Hardening (Profile, Session, CORS) #65
Labels
No labels
area:api
area:core
area:docs
area:infra
area:ux
dependencies
documentation
duplicate
good first issue
help wanted
invalid
question
rust
status:complete
status:partial
status:planned
type:bug
type:design
type:feature
type:infra
type:refactor
type:refactor
type:research
type:ux
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
icub3d/decentcom#65
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Migrated from GitHub issue icub3d/decentcom#91
Original Author: @icub3d
Original Date: 2026-04-18T18:23:32Z
Overview
Implement hardening measures to mitigate potential storage exhaustion and session prediction risks.
Requirements
Anyin production).Design Changes
server/src/profiles/handlers.rsto useMemberUserinstead ofAuthUser.server/src/storage/sqlite/sessions.rsto generate secure tokens using a cryptographically secure RNG.allowed_origins: Vec<String>toNetworkConfiginserver/src/config.rsand update the CORS layer inserver/src/main.rs.Task List
allowed_originsto configuration and update CORS setup.