akamai / boomerang

End user oriented web performance testing and beaconing
http://akamai.github.io/boomerang/

Interaction query #317

Closed Dhruv-Pindawala closed 3 years ago

Dhruv-Pindawala commented 3 years ago

Can we interact with the content and access it using an API key, similar to what we can do for other APIs? I am talking about a way similar to what is mentioned in https://github.com/streaak/keyhacks. Please help.

bluesmoon commented 3 years ago

I'm not familiar with streaak. Please describe in detail what you're trying to accomplish, and what you mean by content. Boomerang has no content.

Dhruv-Pindawala commented 3 years ago

My query is regarding the question:

Is publicly exposing the boomerang API key a bug for my website, or can I store the boomerang API key as plaintext in my HTML body? Storing the boomerang API key as plaintext would make my API key publicly visible. So, is it a vulnerability/bug in my website?

PLEASE HELP ME OUT WITH THIS PARTICULAR QUERY AS ALL MY OTHER QUERIES ARE RELATED TO THE SAME QUESTION.

mc-chaos commented 3 years ago

Hi, there is no need to include any API key in your boomerang.js. If the beacon receiver needs any "key" for authentication, then you need to present this key. And then you have to include this key in your boomerang.js. But the key should have only rights to append/write and not to change anything.

And please do not "cry" (write in upper case). We are helping you in our free time, earning no money for our help... so please be friendly to people who will help...

bluesmoon commented 3 years ago

@Dhruv-Pindawala I think you may be referring to the commercial mPulse product from Akamai rather than the open source boomerang library. In general it's better to pose questions about mPulse to your Akamai sales rep.

The mPulse API key is public information. It's safe to display on your website. It's just a mapping to your domain name.
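
The "append/write only" advice in this thread, sketched as receiver-side logic. This is an added example, not part of the original comments and not boomerang or mPulse code; `SITE_KEYS`, `handleRequest`, the `/beacon` path and the sample key are assumptions, while `u` and `t_done` are boomerang's page-URL and load-time beacon parameters.

```javascript
// Hypothetical beacon receiver logic (added example; not boomerang or mPulse code).
// SITE_KEYS maps a public, page-embedded key to the one domain it identifies.
const SITE_KEYS = new Map([
  ["PUBLIC-KEY-EXAMPLE-1", "shop.example.com"], // constructed sample values
]);

const beaconLog = []; // append-only store: the public key can add rows, nothing else

function handleRequest(req) {
  const domain = SITE_KEYS.get(req.key);
  if (!domain) return { status: 403, reason: "unknown key" };

  // The embedded key grants exactly one capability: appending a beacon.
  // Reads, updates and deletes need a separate credential that never ships in HTML.
  if (req.method !== "POST" || req.path !== "/beacon") {
    return { status: 405, reason: "key is write-only" };
  }

  // Sanity filter: drop beacons whose page URL is not on the key's domain.
  // The client controls this value, so beacon data remains untrusted input.
  let host;
  try {
    host = new URL(req.body.u).hostname;
  } catch {
    return { status: 400, reason: "bad page URL" };
  }
  if (host !== domain) return { status: 403, reason: "domain mismatch" };

  // Accept only a bounded numeric timer; everything else is discarded.
  const t_done = Number(req.body.t_done);
  if (!Number.isFinite(t_done) || t_done < 0 || t_done > 600000) {
    return { status: 400, reason: "bad timer" };
  }
  beaconLog.push(Object.freeze({ domain, u: req.body.u, t_done, at: Date.now() }));
  return { status: 204 };
}
```

With this shape, someone who copies the key out of the page source can only submit more beacons for that domain, which is why the receiver validates and bounds every field instead of treating the key as a secret.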