airavata-courses / TeamZenith

Team Zenith Repository for Spring 2016 I590 Class

Private key made public #9

Closed patel99 closed 8 years ago

patel99 commented 8 years ago

Hi TeamZenith,

I saw that you have put both your private key and public key in your resources folder. Making your private key available in public places like GitHub, where everyone has access to your private key, is highly vulnerable. E.g., anyone (even a person who is not part of IU) can log in to Karst using your private key. A malicious user can enter IU's internal network using this, and then they can perform many sorts of attacks on IU's intranet.

I highly suggest that you remove the private and public keys from the repositories.

Other approaches:

1) You can ask users to put their private key and public key into the project's resource directory before building the jar.
2) Or you can ask the user, at runtime via standard input, for the path where the public key and private key are stored.

Let me know if anything is not clear regarding this issue.

Pratik Patel

anujbhan commented 8 years ago

You are absolutely right. This bug is due to negligence. I have fixed the bug. Whenever you get time, please check and close the issue.

Regards, Anuj

patel99 commented 8 years ago

Closing the issue.

marpierc commented 8 years ago

Great catch. Please update keys on Karst as well.
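
A working-tree check for the problem reported in this issue, as an added example that is not part of the thread or of the TeamZenith code: it flags any file whose content opens like a private key, whatever the file is named. The `src/main/resources` layout, the file names and the sample contents are constructed assumptions.

```python
import os
import re
import tempfile

# PEM armour lines that open a private key (PKCS#1, PKCS#8, EC, DSA, OpenSSH).
PEM_PRIVATE = re.compile(
    rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----")
# PuTTY .ppk files start with this header instead of PEM armour.
PPK_PRIVATE = re.compile(rb"^PuTTY-User-Key-File-\d+:", re.MULTILINE)
SKIP_DIRS = {".git", "target", "node_modules"}
MAX_BYTES = 64 * 1024  # key files are small; only read the head of each file


def find_private_keys(root):
    """Return sorted relative paths under root whose content looks like a private key."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(MAX_BYTES)
            except OSError:
                continue  # unreadable file: nothing to report
            if PEM_PRIVATE.search(head) or PPK_PRIVATE.search(head):
                hits.append(os.path.relpath(path, root))
    return sorted(hits)


def demo():
    """Build a constructed project tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        res = os.path.join(root, "src", "main", "resources")
        os.makedirs(res)
        # Constructed placeholder files: armour lines only, no real key material.
        samples = {
            "id_rsa": b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n",
            "id_rsa.pub": b"ssh-rsa CONSTRUCTED user@example\n",
            "app.properties": b"host=example.invalid\n",
        }
        for name, data in samples.items():
            with open(os.path.join(res, name), "wb") as fh:
                fh.write(data)
        return find_private_keys(root)


if __name__ == "__main__":
    for hit in demo():
        print("private key in working tree:", hit)
```

A hit means the key should be treated as exposed and replaced on every host that trusts it, which is what the last comment asks for on Karst. Deleting the file from the tree does not remove it from the repository's git history.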