| field | value | date |
|---|---|---|
| author | nsfisis <nsfisis@gmail.com> | 2025-12-30 21:54:52 +0900 |
| committer | nsfisis <nsfisis@gmail.com> | 2025-12-30 21:54:52 +0900 |
| commit | b839cae49efd4b9d35c2868a4137101a4d71bd7f | |
| tree | ebba5706094ebeac86ba84c1c4a7021fbe54e02e | |
| parent | 52695bcb5b510bc57412922df73d6fca94226a74 | |
feat(dev): update roadmap
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | docs/dev/roadmap.md | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/docs/dev/roadmap.md b/docs/dev/roadmap.md index 4533633..38ef3be 100644 --- a/docs/dev/roadmap.md +++ b/docs/dev/roadmap.md @@ -188,6 +188,23 @@ Smaller features first to enable early MVP validation. --- +## Phase 9: Security Hardening + +**Goal**: Address security vulnerabilities identified in code review + +### High Priority +- [ ] Add rate limiting to login endpoint (brute force protection) +- [ ] Configure CORS middleware + +### Medium Priority +- [ ] Fix card update authorization in sync push (verify existing card ownership) +- [ ] Unify password length requirement (add-user.ts: 8 chars → 15 chars) + +### Low Priority +- [ ] Consider httpOnly cookie for token storage (XSS mitigation) + +--- + ## Future Considerations By priority: |
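Review bot: The priority ordering in this hunk looks inverted for the authorization item: `- [ ] Fix card update authorization in sync push (verify existing card ownership)` sits under "Medium Priority", yet a missing ownership check on card updates implies that any authenticated user can modify cards belonging to another user, which is a direct data-integrity break and typically rates above the "High Priority" CORS configuration task; suggest moving it up next to the login rate limit. Two smaller points on the same hunk: the `httpOnly cookie for token storage` item should record that moving the token into a cookie makes state-changing endpoints (including sync push) CSRF-relevant, so it needs to be planned together with SameSite attributes and the CORS item rather than in isolation; and the password-length item names `add-user.ts` but not the other location whose 15-character requirement it is being unified with, so a pointer to that file would make the task self-contained for whoever picks it up.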
