Giter Site home page Giter Site logo

Do not send password as query about weylus HOT 3 CLOSED

h-m-h avatar h-m-h commented on May 17, 2024
Do not send password as query

from weylus.

Comments (3)

H-M-H avatar H-M-H commented on May 17, 2024

First of all, THANK YOU so much for publishing this Amazing software for free!

Thanks, I am happy you like it!

password feature using query in the URL

That is true. The reason why it is encoded in a GET request is that it can be passed along with the QR-Code and you can easily create a bookmark, to make things as seamless as possible.

The password is also visible in the unencrypted packet of HTTP which this program uses.

Weylus is supposed to be used via local network, so if you are afraid of MITM attacks you probably have other problems than getting Weylus to run. Additionally encrypting everything would lead to higher latency. (But maybe there is a use case that actually needs encryption I did not think about, feel free to tell me about it!)

As virtually everyone knows, HTTP is by nature unsecure and naming a feature named "password" may give the user the impression of security while using this application. If the user thus uses their password which they use for other uses on Weylus, this could be another security threat.

You are right, calling this feature "password" can very well be interpreted in the wrong way. Nonetheless, I do not want to remove it as it does provide access control, which is required for say the campus network of some university. What do you think about renaming it, maybe "access code" and adding some explanatory text to the GUI?

p.s. It would be nice if you could afford to add in a fullscreen feature.

Try adding the Weylus page to your home screen on your tablet, opening it via home screen should enable fullscreen.

from weylus.

coughingmouse avatar coughingmouse commented on May 17, 2024

"(Optional) access code" sounds nice enough for me. Thanks for the feedback!

Try adding the Weylus page to your home screen on your tablet, opening it via home screen should enable fullscreen.

Thanks again! Works like a charm. It would be nice if you added this advice in the readme as a tip for dumb people like me.

from weylus.

H-M-H avatar H-M-H commented on May 17, 2024

Fixed with 4af0039.

It would be nice if you added this advice in the readme as a tip for dumb people like me.

It was already there (under Running) but somewhat easy to miss, it got its own section now.

from weylus.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.