This repository has been archived by the owner on May 15, 2021. It is now read-only.

Potential security problems #5

Open
hackerchai opened this issue Sep 30, 2020 · 1 comment
Labels
help wanted Extra attention is needed

Comments

@hackerchai

hackerchai commented Sep 30, 2020

Here are potential problems:

  1. The public subscription server is not using HTTPS; besides, the default HTTP method is GET. It can easily be MITM attacked, causing the user's credentials to leak.
  2. This repo is not using any encryption for the user's password; it can be stolen by malware easily.

Maybe you can consider:

  1. Using nginx/caddy to provide the HTTP service with reliable HTTPS, using this repo as an upstream.
  2. Providing a graphical user interface (web page frontend) for the user. In this way you can change the GET method to POST to ensure security. (Credential information should not be submitted using the GET method.)
  3. Implementing a master-key mechanism, or not saving the password, to protect the user's password.
@0xSeanll
Member

Thanks for your feedback.

It is the web crawling process that this repository emphasizes, and we have no plan to develop it into an application with privacy assurance.

@loopyme loopyme added the help wanted Extra attention is needed label Sep 30, 2020
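
To illustrate the GET-versus-POST point raised in the issue, here is an added example (not code from this repository): a local Python standard-library server whose access log captures the password when it arrives in a GET query string but not when it arrives in a POST body. The `/subscribe` path, the field names and the sample password are constructed for illustration.

```python
import http.server
import threading
import urllib.error
import urllib.parse
import urllib.request

SECRET = "hunter2-constructed"  # constructed sample password, not a real credential


def make_handler(log_lines):
    class Handler(http.server.BaseHTTPRequestHandler):
        def log_message(self, fmt, *args):
            # Same text the default handler would write to its access log.
            log_lines.append(fmt % args)

        def do_GET(self):
            # Refuse credentials in the query string (the URL is logged regardless).
            query = urllib.parse.urlsplit(self.path).query
            has_creds = "password" in urllib.parse.parse_qs(query)
            self.send_response(400 if has_creds else 200)
            self.end_headers()

        def do_POST(self):
            # Credentials travel in the body, which is not part of the request line.
            length = int(self.headers.get("Content-Length", 0))
            form = urllib.parse.parse_qs(self.rfile.read(length).decode())
            self.send_response(200 if "password" in form else 400)
            self.end_headers()

    return Handler


def run_demo():
    """Send the same credentials via GET and POST; return (get_log, post_log)."""
    get_log, post_log = [], []
    creds = urllib.parse.urlencode({"username": "alice", "password": SECRET})
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    for log, method in ((get_log, "GET"), (post_log, "POST")):
        server = http.server.HTTPServer(("127.0.0.1", 0), make_handler(log))
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = f"http://127.0.0.1:{server.server_port}/subscribe"
        try:
            if method == "GET":
                opener.open(f"{base}?{creds}")
            else:
                opener.open(base, data=creds.encode())
        except urllib.error.HTTPError:
            pass  # the 400 for GET-with-credentials is expected
        server.shutdown()
        server.server_close()
    return get_log, post_log
```

Moving credentials to the POST body only keeps them out of URLs and access logs; over plain HTTP the body is still readable on the wire, so the HTTPS front end from suggestion 1 is needed as well.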