NirmalScaria / le-git-graph

Browser extension to add git graph to GitHub website.
https://chrome.google.com/webstore/detail/le-git-graph-commits-grap/joggkdfebigddmaagckekihhfncdobff
MIT License

PAT storage and security #48

Closed michael-strelnikov-wdc closed 11 months ago

michael-strelnikov-wdc commented 1 year ago

I'm wondering where and how the PAT is stored. How secure is it to give full access to all repositories?

NirmalScaria commented 1 year ago

The PAT is stored in the local storage of the browser. It is only sent to the GitHub server, and is in no way connected to the server of Le Git Graph.

The PAT is stored as a string, with no encryption, because any encryption would be pointless as the decryption code would also have to be included in the extension itself, as the PAT is to be sent as is to the GitHub API.

And about how secure it is to give full access to repositories... as long as the user's system/browser are not vulnerable in some way, and GitHub OAuth is secure enough, it would be secure. There are no other parties involved in PAT-based auth.
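The point about encryption in the comment above can be shown concretely. The following is an added example, not part of the thread and not code from Le Git Graph; it assumes Node.js, a hypothetical key constant shipped in the extension bundle, a `Map` standing in for the browser's local storage, and a constructed token value.

```javascript
// Added illustration; not code from Le Git Graph.
const crypto = require('node:crypto');

// Assumption: a key constant that ships inside the extension bundle (hypothetical).
const BUNDLED_KEY = crypto.createHash('sha256')
  .update('constant-shipped-in-extension').digest();

// Stand-in for the browser's local storage (hypothetical; a plain Map).
const storage = new Map();

// What an "encrypting" extension would do when the user saves a PAT.
function savePat(pat) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', BUNDLED_KEY, iv);
  const ct = Buffer.concat([cipher.update(pat, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]);
  storage.set('pat', blob.toString('base64'));
}

// What the extension must do before every API call: recover the PAT as is.
function loadPat(store, key) {
  const raw = Buffer.from(store.get('pat'), 'base64');
  const iv = raw.subarray(0, 12);
  const tag = raw.subarray(12, 28);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Threat-model check: a party that can read the browser profile sees both the
// stored blob and the bundle (and therefore the key), so it gets the same
// plaintext the extension does. The ciphertext only hides the PAT from a
// party that can read storage but not the extension's files.
function readerWithProfileAccess(store) {
  return loadPat(store, BUNDLED_KEY);
}

// Constructed sample value, not a real token.
const SAMPLE_PAT = 'ghp_EXAMPLE_constructed_token_not_real';
savePat(SAMPLE_PAT);
console.log('stored blob hides the PAT:', !storage.get('pat').includes(SAMPLE_PAT));
console.log('recovered with bundled key:', readerWithProfileAccess(storage) === SAMPLE_PAT);
```

The controls that actually limit exposure are outside the extension: the scopes and expiry chosen when the token is created on GitHub, and the integrity of the browser profile.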