CQU-AI / cqu-kb

Third-party Chongqing University timetable calendar generation tool
GNU Affero General Public License v3.0

Potential security problems #5

Open hackerchai opened 3 years ago

hackerchai commented 3 years ago

Here are potential problems:

  1. The public subscription server is not using HTTPS; besides, the default HTTP method is GET. It can easily be MITM attacked and cause users' credentials to leak.
  2. This repo is not using any encryption for the user's password; it can be stolen by malware easily.

Maybe you can consider:

  1. Use nginx/caddy to provide the HTTP service with reliable HTTPS, using this repo as an upstream.
  2. Provide a graphical user interface (web page frontend) for users. In this way you can change the GET method to POST to ensure security. (Credential information should not be submitted using the GET method.)
  3. Implement a master-key mechanism, or do not save the password, to protect the user's password.

0xSeanll commented 3 years ago
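The first point in the comment above (credentials submitted as GET query parameters) has a side effect worth checking on any existing deployment: the full query string, password included, is written to the web server's access log. The following is an added example, not part of this issue or the cqu-kb project, that scans constructed access-log lines for such requests and shows how to redact a URL before logging it; the log format, parameter names and log lines are assumptions.

```python
"""Detect credential leakage through GET query strings in web-server access logs."""
import re
from urllib.parse import urlsplit, urlunsplit, parse_qs, parse_qsl, urlencode

# Constructed sample access-log lines (Common Log Format); not real server data.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2021:08:15:02 +0800] "GET /calendar?username=20190001&password=Hunter2 HTTP/1.1" 200 2311
10.0.0.7 - - [12/Mar/2021:08:15:09 +0800] "GET /calendar?username=20190002 HTTP/1.1" 401 57
10.0.0.9 - - [12/Mar/2021:08:16:44 +0800] "POST /calendar HTTP/1.1" 200 2305
"""

# Query-string keys that should never appear in a URL (assumed names; extend for your app).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "token", "secret"}

# Common Log Format: client, ident, user, [time], "METHOD target protocol", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_credential_leaks(log_text):
    """Return (client_ip, method, leaked_keys) for every request whose query string
    carries a sensitive parameter; such values are now stored in plain text on disk."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        query = urlsplit(m.group("target")).query
        leaked = sorted(k for k in parse_qs(query, keep_blank_values=True)
                        if k.lower() in SENSITIVE_KEYS)
        if leaked:
            hits.append((m.group("ip"), m.group("method"), leaked))
    return hits


def redact_url(url):
    """Replace sensitive query values so the URL can be logged without exposing them."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE_KEYS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    for ip, method, keys in find_credential_leaks(SAMPLE_LOG):
        print(f"{ip} sent {', '.join(keys)} in a {method} query string")
    print(redact_url("/calendar?username=20190001&password=Hunter2"))
```

Redaction only limits what ends up in logs; moving the credentials out of the URL into a POST body over HTTPS, as the comment suggests, is what removes them from logs, browser history and Referer headers in the first place.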

Thanks for your feedback.

It is the web crawling process that this repository emphasizes, and we have no plan of developing it into an application with privacy assurances.