This repository has been archived by the owner on Oct 7, 2020. It is now read-only.

queryparameter boxid is not secure #123

Open
Drjoachim opened this issue Apr 2, 2020 · 1 comment
Labels
bug Something isn't working security

Comments

@Drjoachim
Contributor

Question on socialTV: we implemented https://social-tv.azurewebsites.net/?boxid=demobox but without a check on whether I actually have the correct cookie for the demobox... so actually everybody can see demobox's TV session. Shouldn't this be solved?

@tomkerkhove tomkerkhove added bug Something isn't working security labels Apr 2, 2020
@SamVanhoutte
Contributor

@Drjoachim > This is for family members that want to see the box from a distance. The actual boxId is normally a GUID (and not guessable), so ideally a user would be prevented / 401 when having an incorrect boxId 3 times in a row or so.

In general, the entire security flow is something that definitely would need serious (re)thinking, in case we would take this forward.
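
Added example, not part of the original thread or the project's code: a minimal sketch of the two controls discussed above, a cookie bound to one `boxid` and a 401 after three consecutive failed attempts. The signing key, the sample box ids, the client identifier and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"      # assumption: server-side signing key
MAX_FAILURES = 3                       # "3 times in a row" from the thread
KNOWN_BOXES = {"demobox", "0f8b2c1e-5d3a-4c6b-9e7f-1a2b3c4d5e6f"}  # constructed
FAILURES = {}                          # client id -> consecutive failures


def issue_cookie(boxid):
    """Cookie handed to a family member when they are granted access to a box."""
    tag = hmac.new(SECRET, boxid.encode(), hashlib.sha256).hexdigest()
    return f"{boxid}.{tag}"


def authorized(boxid, cookie):
    """True only if the box exists and the cookie was issued for that box."""
    if boxid not in KNOWN_BOXES or not cookie:
        return False
    return hmac.compare_digest(cookie.encode(), issue_cookie(boxid).encode())


def handle_request(client, boxid, cookie=None):
    """Status code for GET /?boxid=<boxid> from `client` (e.g. source address)."""
    if FAILURES.get(client, 0) >= MAX_FAILURES:
        return 401                     # locked out; a real service would expire this
    if not authorized(boxid, cookie):
        # Same answer for an unknown box and a wrong cookie: no boxid oracle.
        FAILURES[client] = FAILURES.get(client, 0) + 1
        return 401
    FAILURES.pop(client, None)         # success resets the consecutive counter
    return 200
```

With this check the `boxid` in the URL only selects which box is requested; access depends on the cookie, so a readable id such as `demobox` no longer exposes the session.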


3 participants