more of a question actually, rather than an issue. Couldn't find the answer to my question anywhere else so decided to raise one here.
As stated in README, running the app requires an app id and secret token from my.telegram.org, where, in turn, it's stated for both id and hash, that "it's forbidden to pass this value to third parties". As far as the client is frontend-only, running it with secrets will get the tokens expose to the end user, and obfuscation here can't be called quite a secure way to prevent one from reading it.
This raises further questions, is that possible to run the app in a publicly accessible environment, or should I run it exclusively for my personal use? If the latter, how is the app being run on web.telegram.org itself?
Hi,
more of a question actually, rather than an issue. Couldn't find the answer to my question anywhere else so decided to raise one here.
As stated in README, running the app requires an app id and secret token from my.telegram.org, where, in turn, it's stated for both id and hash, that "it's forbidden to pass this value to third parties". As far as the client is frontend-only, running it with secrets will get the tokens expose to the end user, and obfuscation here can't be called quite a secure way to prevent one from reading it.
This raises further questions, is that possible to run the app in a publicly accessible environment, or should I run it exclusively for my personal use? If the latter, how is the app being run on web.telegram.org itself?
Really hope to get the answers, thanks!