flaskpaste/tests/conftest.py
Username c130020ab8 security: implement HASH-001 and ENUM-001 remediations
HASH-001: Add threading lock to content hash deduplication
- Prevents race condition between SELECT and UPDATE
- Ensures accurate dedup counting under concurrent load

ENUM-001: Add rate limiting to paste lookups
- Separate rate limiter for GET/HEAD on paste endpoints
- Default 60 requests/minute per IP (configurable)
- Prevents brute-force paste ID enumeration attacks
2025-12-24 23:12:28 +01:00

2.4 KiB
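
The SELECT-then-UPDATE pattern that HASH-001 refers to, with a lock making the pair one critical section. This is an added example, not the project's code; the table `content_hashes`, the functions `open_db`, `record_submission` and `hammer`, and the schema are assumptions.

```python
import hashlib
import sqlite3
import threading

# Hypothetical names and schema; the project's real table layout is not shown on the page.
_dedup_lock = threading.Lock()


def open_db():
    # One shared in-memory connection; check_same_thread=False lets worker threads use it.
    db = sqlite3.connect(":memory:", check_same_thread=False)
    db.execute("CREATE TABLE content_hashes (hash TEXT PRIMARY KEY, count INTEGER NOT NULL)")
    return db


def record_submission(db, content: bytes) -> int:
    """Return how many times this exact content has now been submitted."""
    digest = hashlib.sha256(content).hexdigest()
    # The lock covers SELECT and the following write, so two threads cannot
    # both read the same old count and both write back count + 1.
    with _dedup_lock:
        row = db.execute(
            "SELECT count FROM content_hashes WHERE hash = ?", (digest,)
        ).fetchone()
        if row is None:
            new_count = 1
            db.execute("INSERT INTO content_hashes (hash, count) VALUES (?, 1)", (digest,))
        else:
            new_count = row[0] + 1
            db.execute("UPDATE content_hashes SET count = ? WHERE hash = ?", (new_count, digest))
        db.commit()
    return new_count


def hammer(db, content: bytes, threads: int = 8, per_thread: int = 50) -> int:
    """Submit the same content from several threads and return the stored count."""
    def worker():
        for _ in range(per_thread):
            record_submission(db, content)

    pool = [threading.Thread(target=worker) for _ in range(threads)]
    for t in pool:
        t.start()
    for t in pool:
        t.join()
    return db.execute("SELECT count FROM content_hashes").fetchone()[0]
```

A `threading.Lock` only serializes threads inside one process; a deployment with several worker processes needs the database itself to make the increment atomic.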