q-blog/docs/SECURITY_PRIVACY_POSTURE.md
greenflame089 0b100af686 Release v0.2.2
2025-08-22 07:28:42 -04:00

Q-Blog — Security & Privacy Posture (1.0)

Generated 2025-08-16 23:27Z

Principles

  • Least privilege — Roles restrict actions; tokens scoped; client never authoritative.
  • Sanitize everywhere — Rich text sanitized on save and render (allowlist).
  • Fail safe — On doubt, deny writes; surface clear errors with next actions.
  • Minimal telemetry — Only crash/quality signals; no PII; user-visible policy.
  • Defense in depth — CSP, input validation, dependency hygiene, error boundaries.

Non-Goals (1.0)

  • End-to-end encryption for content.
  • Fine-grained per-post ACLs (roles are per blog).

Checklist (Dev)

  • Inputs validated client-side; re-validated server-side.
  • All writes include role checks and revision/ETag for concurrency.
  • Sanitization unit tests cover common XSS vectors.
  • Dependencies audited; pinned versions for determinism.
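
One way the "role checks and revision/ETag" checklist item could combine with the least-privilege and fail-safe principles, as an added example that is not Q-Blog's own code. The role names, field names, status codes, and the functions authorizeWrite, deny and etagFor are assumptions made for illustration.

```javascript
// Added example: role names, field names and function names are assumptions.
const WRITE_ROLES = new Set(["owner", "editor"]); // hypothetical per-blog roles

const deny = (status, error, nextAction) => ({ ok: false, status, error, nextAction });
const etagFor = (post) => `"r${post.revision}"`; // ETag derived from the stored revision

// state: server-held data. request: untrusted client input.
function authorizeWrite(state, request) {
  const { userId, postId, ifMatch } = request ?? {};
  if (typeof userId !== "string" || typeof postId !== "string") {
    return deny(400, "malformed_request", "Reload the editor and retry.");
  }
  const post = state.posts.get(postId);
  if (!post) return deny(404, "unknown_post", "Check that the post still exists.");

  // Role is looked up per blog from server state; any role the client
  // claims in the request is ignored (client never authoritative).
  const role = state.roles.get(post.blogId)?.get(userId);
  if (!WRITE_ROLES.has(role)) {
    return deny(403, "forbidden", "Ask a blog owner for write access.");
  }
  // Fail safe: a write with no revision precondition is denied, not applied.
  if (typeof ifMatch !== "string" || ifMatch === "") {
    return deny(428, "precondition_required", "Reload the post to get its current revision.");
  }
  // Concurrency: the client must have edited the revision currently stored.
  if (ifMatch !== etagFor(post)) {
    return deny(412, "stale_revision", "Reload the post and reapply your changes.");
  }
  return { ok: true, status: 200, nextRevision: post.revision + 1 };
}

// Constructed sample state (not real Q-Blog data).
const sampleState = {
  roles: new Map([["blog-1", new Map([["alice", "owner"], ["bob", "reader"]])]]),
  posts: new Map([["post-7", { blogId: "blog-1", revision: 3 }]]),
};

// A reader who claims to be an owner is still denied; a stale editor gets 412.
console.log(authorizeWrite(sampleState, { userId: "bob", postId: "post-7", ifMatch: '"r3"', claimedRole: "owner" }));
console.log(authorizeWrite(sampleState, { userId: "alice", postId: "post-7", ifMatch: '"r2"' }));
```

Every denial carries a nextAction string so the caller can surface a clear error with a next step, as the fail-safe principle asks.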