Mollusk 1f828f1e1a Fix four security issues: keyring storage, API key redaction, input validation, cooldown bypass ...

- Store API key in system keyring instead of plaintext QSettings
- Migrate away from plaintext api_key on first save
- Redact API key from error messages emitted to the UI
- Validate API key (32 hex chars) and Steam ID (17 digits) before use
- Apply refresh cooldown when settings dialog triggers a fetch

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-03 16:14:39 -04:00

20 KiB

Executable File

Raw Permalink Blame History

View Raw