mirror of
https://github.com/cliffe/BreakEscape.git
synced 2026-02-21 11:18:08 +00:00
Critical security fix: PIN and password minigames were falling back to client-side validation when the correct answer was available. This allowed players to bypass security by inspecting client-side code.

Changes:
- PIN minigame: ALWAYS use server-side validation, never client-side
- Password minigame: ALWAYS use server-side validation, never client-side
- If API client is unavailable, fail securely by rejecting the attempt
- Removed backwards compatibility code that allowed client-side validation

Security principle: Never trust the client for authentication/authorization. All PIN and password validation must go through the server.
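
The fail-closed pattern this commit message describes, as an added example that is not code from the BreakEscape repository. Every name in it (`createLockServer`, `attemptUnlock`, `validate`, the `correctAnswer` field) is an assumption made for illustration, and the server is an in-process stand-in for a real API call.

```javascript
// Added example; all identifiers are hypothetical, not BreakEscape's own.

// Server side: the only place the correct answer exists.
function createLockServer(secrets) {
  return {
    // Returns only a verdict; the stored answer is never sent back.
    async validate(lockId, attempt) {
      const expected = secrets.get(lockId);
      if (typeof expected !== 'string' || typeof attempt !== 'string') {
        return { success: false };
      }
      return { success: attempt === expected };
    },
  };
}

// Client side: there is no local comparison path, even when the data
// loaded into the browser happens to contain the answer.
async function attemptUnlock(apiClient, lock, attempt) {
  if (!apiClient || typeof apiClient.validate !== 'function') {
    return { unlocked: false, reason: 'api-unavailable' }; // fail closed
  }
  try {
    const result = await apiClient.validate(lock.id, String(attempt));
    // Only an explicit boolean true from the server unlocks.
    if (result && result.success === true) {
      return { unlocked: true, reason: 'server-accepted' };
    }
    return { unlocked: false, reason: 'server-rejected' };
  } catch (err) {
    return { unlocked: false, reason: 'api-error' }; // errors never unlock
  }
}

// Constructed demo data: the lock object deliberately carries a leaked
// answer field to show that the client code never reads it.
async function demo() {
  const server = createLockServer(new Map([['safe-1', '4821']]));
  const leakyLock = { id: 'safe-1', correctAnswer: '4821' };
  const downApi = { validate: async () => { throw new Error('down'); } };
  return {
    good: await attemptUnlock(server, leakyLock, '4821'),
    bad: await attemptUnlock(server, leakyLock, '0000'),
    noApi: await attemptUnlock(null, leakyLock, '4821'),
    broken: await attemptUnlock(downApi, leakyLock, '4821'),
  };
}

demo().then((results) => console.log(results));
```
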