Cloud-CV / Fabrik

:factory: Collaboratively build, visualize, and design neural nets in browser
GNU General Public License v3.0

Improving security in shared links #514

Open PalashTanejaPro opened 5 years ago

PalashTanejaPro commented 5 years ago

Currently, the link sharing system uses simple number-based indexing to access models from the db. This has a minor security issue because all user-created models can be trivially retrieved by just iterating over all numbers from 1 to the current counter by changing the id parameter in the URL.

http://fabrik.cloudcv.org/load?id=2

Ideally, you would want to create a random string that is at least 12 characters long in order to make this completely secure. Shouldn't be too hard to implement.
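A sketch of the random share identifier proposed above, added here as an example; it is not code from this issue or from Fabrik. The `SharedModelStore` class, the 62-symbol alphabet and the 16-character length are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumptions: 62-symbol alphabet, 16 characters (the issue asks for at least 12).
ALPHABET = string.ascii_letters + string.digits
TOKEN_LENGTH = 16


def new_share_token(length=TOKEN_LENGTH):
    """Return a share token drawn from the OS CSPRNG via the secrets module."""
    if length < 12:
        raise ValueError("share tokens must be at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def token_entropy_bits(length=TOKEN_LENGTH):
    """Bits of entropy in a token of the given length over ALPHABET."""
    return length * math.log2(len(ALPHABET))


class SharedModelStore:
    """In-memory stand-in for the models table (hypothetical, not Fabrik's schema)."""

    def __init__(self):
        self._by_token = {}
        self._next_pk = 1  # internal primary key, never placed in a URL

    def save(self, network_json):
        pk = self._next_pk
        self._next_pk += 1
        token = new_share_token()
        while token in self._by_token:  # collisions are negligible; retry anyway
            token = new_share_token()
        self._by_token[token] = (pk, network_json)
        return token  # this value goes in the link: /load?id=<token>

    def load(self, share_id):
        # Check the shape first so legacy numeric ids and malformed input
        # produce the same miss as an unknown token.
        if not isinstance(share_id, str) or len(share_id) != TOKEN_LENGTH:
            return None
        if any(c not in ALPHABET for c in share_id):
            return None
        entry = self._by_token.get(share_id)
        return entry[1] if entry else None
```

The integer primary key stays internal, so the lookup column for the token needs a unique index and existing numeric links need a migration or an explicit expiry decision.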

LuckyPigeon commented 5 years ago

@PalashTanejaPro May I implement this feature?