jason/dotclaude
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
491a45dd43c441f42aff6d9d1f0162c73df4e2c9
dotclaude/rules/security.md
T
Poshan Pandey 491a45dd43 Add dotclaude configuration files 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 17:16:27 -07:00

20 lines
645 B
Markdown
Raw Blame History

---
paths:
- "src/api/**"
- "src/auth/**"
- "src/middleware/**"
- "**/routes/**"
- "**/controllers/**"
---
# Security
- Validate all user input at the system boundary. Never trust request parameters.
- Use parameterized queries — never concatenate user input into SQL or shell commands.
- Sanitize output to prevent XSS. Use framework-provided escaping.
- Authentication tokens must be short-lived. Store refresh tokens server-side only.
- Never log secrets, tokens, passwords, or PII.
- Use constant-time comparison for secrets and tokens.
- Set appropriate CORS, CSP, and security headers.
- Rate-limit authentication endpoints.
Reference in New Issue View Git Blame Copy Permalink