dubwub
commented
7 years ago This is super super low issue and will be pushed off because schedule is a little wack right now.
Open dubwub opened 7 years ago
dubwub
commented
7 years ago This is super super low issue and will be pushed off because schedule is a little wack right now.
Even with securecookie, we're using symmetrical keys for encrypting and decryption, which could be cracked if someone tried hard enough. Although with the current implementation, the key that we encrypt our cookies with is generated randomly each startup.
Switching to HTTPS is not too bad considering Golang servers have done it before, but it would also add a layer of complexity for people to build their AIs.