q-blog/docs/SECURITY_PRIVACY_POSTURE.md
greenflame089 0b100af686 Release v0.2.2
2025-08-22 07:28:42 -04:00

# Q-Blog — Security & Privacy Posture (1.0)
_Generated 2025-08-16 23:27Z_
## Principles
- **Least privilege** — Roles restrict actions; tokens scoped; client never authoritative.
- **Sanitize everywhere** — Rich text sanitized on save and render (allowlist).
- **Fail safe** — When in doubt, deny writes; surface clear errors with next actions.
- **Minimal telemetry** — Only crash/quality signals; no PII; user-visible policy.
- **Defense in depth** — CSP, input validation, dependency hygiene, error boundaries.
## Non-Goals (1.0)
- End-to-end encryption for content.
- Fine-grained per-post ACLs (roles are per blog).
## Checklist (Dev)
- Inputs validated client-side; re-validated server-side.
- All writes include role checks and revision/ETag for concurrency.
- Sanitization unit tests cover common XSS vectors.
- Dependencies audited; pinned versions for determinism.
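
The following is an added example, not code from Q-Blog: a sketch of a server-side write guard that combines the per-blog role check, the revision/ETag check, and the fail-safe principle (any path that is not an explicit allow is a denial with a next action). The names `ROLE_ACTIONS`, `authorizeWrite`, the action strings, the `members` store shape, and the sample data are all hypothetical.

```javascript
// Added example: names and data shapes are hypothetical, not Q-Blog's code.
// Roles are per blog; each role maps to the write actions it permits.
const ROLE_ACTIONS = new Map([
  ["owner", new Set(["post:create", "post:update", "post:delete"])],
  ["editor", new Set(["post:create", "post:update"])],
  ["reader", new Set()],
]);

// Server-side decision for one write. Every path that is not an explicit
// allow returns a denial with a machine-readable error and a next action.
function authorizeWrite({ members, blogId, userId, action, current, ifMatch }) {
  const deny = (status, error, next) => ({ ok: false, status, error, next });
  // Role comes from the server's membership store, never from the request body.
  const role = members.get(blogId)?.get(userId);
  const allowed = ROLE_ACTIONS.get(role);
  if (!allowed || !allowed.has(action)) {
    return deny(403, "forbidden", "Ask a blog owner for a role that permits this action.");
  }
  if (action === "post:create") {
    // A create must not silently overwrite an existing post.
    return current
      ? deny(409, "already_exists", "Open the existing post and edit it instead.")
      : { ok: true, status: 201 };
  }
  if (!current) return deny(404, "not_found", "Reload the post list.");
  // Updates and deletes must name the revision they were based on.
  if (typeof ifMatch !== "string" || ifMatch === "") {
    return deny(428, "precondition_required", "Reload the post and resend with If-Match.");
  }
  if (ifMatch !== current.etag) {
    return deny(412, "stale_revision", "Reload the latest revision and reapply your edit.");
  }
  return { ok: true, status: 200 };
}

// Constructed sample data: one blog, two members, one stored post.
const members = new Map([["blog-1", new Map([["alice", "editor"], ["bob", "reader"]])]]);
const post = { id: "p1", etag: '"rev-7"' };
const base = { members, blogId: "blog-1", action: "post:update", current: post };
function demo() {
  return {
    fresh: authorizeWrite({ ...base, userId: "alice", ifMatch: '"rev-7"' }).status,
    stale: authorizeWrite({ ...base, userId: "alice", ifMatch: '"rev-6"' }).status,
    noEtag: authorizeWrite({ ...base, userId: "alice" }).status,
    reader: authorizeWrite({ ...base, userId: "bob", ifMatch: '"rev-7"' }).status,
    stranger: authorizeWrite({ ...base, userId: "mallory", ifMatch: '"rev-7"' }).status,
    editorDelete: authorizeWrite({ ...base, userId: "alice", action: "post:delete", ifMatch: '"rev-7"' }).status,
  };
}
```

The role check runs before the existence and revision checks, so a caller without a role on the blog gets the same 403 whether or not the post exists.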