rspace-online

History

Jeff Emmett 45f5cea095 fix(security): AES-256-GCM encryption at rest, XSS escape, salted hashes - C-1: Replace Base64 fake encryption with real AES-256-GCM server-side encryption for linked wallet data (HKDF-derived key from JWT_SECRET) - H-1: Escape token name/symbol in balance table to prevent XSS - H-2: Salt address hash with user ID to prevent cross-user correlation - M-4: Remove cleartext sessionStorage cache for linked wallets Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-09 17:42:09 -07:00
..
encryptid	fix(security): AES-256-GCM encryption at rest, XSS escape, salted hashes	2026-03-09 17:42:09 -07:00
lib	feat: add JSON WebSocket mode, demo seed data, and useDemoSync hook	2026-02-15 09:38:59 -07:00

Jeff Emmett 45f5cea095 fix(security): AES-256-GCM encryption at rest, XSS escape, salted hashes

- C-1: Replace Base64 fake encryption with real AES-256-GCM server-side
  encryption for linked wallet data (HKDF-derived key from JWT_SECRET)
- H-1: Escape token name/symbol in balance table to prevent XSS
- H-2: Salt address hash with user ID to prevent cross-user correlation
- M-4: Remove cleartext sessionStorage cache for linked wallets

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-09 17:42:09 -07:00

encryptid

fix(security): AES-256-GCM encryption at rest, XSS escape, salted hashes

2026-03-09 17:42:09 -07:00

lib

feat: add JSON WebSocket mode, demo seed data, and useDemoSync hook

2026-02-15 09:38:59 -07:00