This repository was archived by the owner on Aug 28, 2021. It is now read-only.
This repository was archived by the owner on Aug 28, 2021. It is now read-only.
Fix encryption #7
Description
Hi,
Like I told you at NP FB group just when you published code.nastoletni.pl, the implementation of encryption is not safe, better, it's doing nothing.
..but noone given any fuck about it :P
You are still sending encryption key to server in url.
Every guy with server logs access or MITM attacker can obtain your key and decrypt paste.
To fix this security issue just change slash ("/") in url to hash ("#"), the url part after hash character is not being sent to server, it's just for a browser.
Then you can use it in client side to decrypt encrypted contents of paste.
Metadata
Metadata
Assignees
Labels
No labels