Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security audit for UrlModifier #42

Open
adam-ce opened this issue Nov 7, 2023 · 2 comments
Open

security audit for UrlModifier #42

adam-ce opened this issue Nov 7, 2023 · 2 comments

Comments

@adam-ce
Copy link
Member

adam-ce commented Nov 7, 2023

malicious users could now send hacked urls. we should check for good measure. now it's not yet important, but in the future we might handle passwords etc.
@GeraldKimmersdorfer
Copy link
Contributor

good thing were not working with database queries quite yet ;) and since we work with c++ we have to cast all strings to appropriate formats anyway. The only reasonable point of attack is the gl configuration but also this gets deserialized using qt functionaly. So the only thing that might happen is that the local instance crashes.

I totally agree though that as soon as we jiggle around data in a server/client environment, we have to play close attention to security.

@adam-ce
Copy link
Member Author

adam-ce commented Nov 20, 2023

yes, i agree to all of it. I just put it as a reminder to think about potential attack vectors etc by myself. and maybe talk to a security expert that i know :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@adam-ce @GeraldKimmersdorfer