Security Baseline

Security Model

This game needs three security layers at once:

  • web application security
  • game-state integrity
  • economy and abuse prevention

Core Rule

The client is never authoritative. The browser can request actions, but the server must validate and resolve all meaningful outcomes.

Edge and Platform Controls

  • put the app behind Cloudflare WAF and TLS
  • enable rate limiting per sensitive endpoint
  • use Turnstile on signup, login, reset, and suspicious flows
  • add bot controls if budget permits

Session Security

  • use secure HttpOnly cookies
  • avoid client-stored long-lived auth tokens
  • support session rotation and revocation
  • add optional or role-based MFA

Game Integrity Controls

  • validate all action preconditions on the server
  • make mutating requests safe to retry so one click or network retry cannot duplicate rewards, items, or orders
  • keep authoritative inventory, gold, and loot state server-side
  • serialize high-contention systems through Durable Objects or equivalent coordinators
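As an added example (not code from this baseline or its project), the following sketch shows what the two integrity rules above look like on the server: every precondition is checked against authoritative state, and a client-supplied idempotency key makes a repeated click or network retry return the first result instead of resolving the purchase twice. The names `createWorld`, `resolvePurchase` and `idempotencyKey` are hypothetical; in a real deployment the per-player state and the seen-request map would live inside a Durable Object so concurrent requests are serialized.

```javascript
// Authoritative server-side state (constructed in memory for this example).
function createWorld() {
  return {
    players: new Map(),      // playerId -> { gold, inventory: [] }
    seenRequests: new Map(), // idempotencyKey -> result already returned
    ledger: [],              // append-only audit trail of gold movements
  };
}

function addPlayer(world, playerId, gold) {
  world.players.set(playerId, { gold, inventory: [] });
}

// Resolve a purchase. The client sends only { playerId, itemId, idempotencyKey };
// price, resulting gold and the item instance ID are decided here, never by the browser.
function resolvePurchase(world, req, catalog) {
  // Idempotency: a retry with the same key replays the stored result, touching no state.
  const cached = world.seenRequests.get(req.idempotencyKey);
  if (cached) return { ...cached, replayed: true };

  const player = world.players.get(req.playerId);
  const price = catalog[req.itemId];
  let result;
  if (!player || price === undefined) {
    result = { ok: false, reason: 'unknown player or item' };
  } else if (player.gold < price) {
    // Precondition validated against server state, not a client-reported balance.
    result = { ok: false, reason: 'insufficient gold' };
  } else {
    player.gold -= price;
    // Unique per item instance; a production system would use a UUID (hypothetical scheme here).
    const instanceId = `${req.itemId}-${world.ledger.length + 1}`;
    player.inventory.push(instanceId);
    world.ledger.push({
      playerId: req.playerId,
      delta: -price,
      item: instanceId,
      ref: req.idempotencyKey, // lets auditors tie the ledger entry back to the request
    });
    result = { ok: true, gold: player.gold, item: instanceId };
  }
  world.seenRequests.set(req.idempotencyKey, result);
  return { ...result, replayed: false };
}
```

Failed attempts are stored under their key too, so a retried rejected request stays rejected rather than racing a later balance change.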

Economy Protections

  • unique IDs for important items
  • ledger or audit trail for gold and rare assets
  • escrow for contracts and high-value settlement
  • two-step confirmation for direct trade
  • anti-spam rules for auction and market posting

Content Safety

  • sanitize all user text
  • do not allow raw HTML in player-facing content
  • do not allow user-uploaded SVG at launch
  • if custom emblems are added later, sanitize and rasterize them server-side

Operational Controls

  • immutable admin and economy logs
  • staff roles with least privilege
  • tools to freeze trading, auctions, or treasury flows during incidents
  • anomaly alerts for duplication, inflation, or scripted behavior

Phase 1 Security Minimum

Do not launch without:

  • server-authoritative mission resolution
  • secure auth and session handling
  • WAF and rate limits
  • audit logs for currency and valuable items
  • sanitized player text
  • safe trade settlement