Skip to content

Security

Sepehr0Day edited this page Jun 13, 2026 · 1 revision

Security

  • Keep answers and puzzle solutions server-side.
  • Never expose target coordinates or Maze paths to an untrusted client.
  • Use short-lived challenge identifiers.
  • Expire challenges after use or after a short timeout.
  • Rate-limit generation and verification endpoints.
  • Do not treat CAPTCHA as a replacement for authentication or abuse controls.

Report vulnerabilities through GitHub Security Advisories.

Clone this wiki locally