cdilga
commented
5 years ago Is the solution to add a privacy and logging policy, and accept notification to the user?
I can add this to the frontend and add it into our repo as well
Open olivercoad opened 5 years ago
cdilga
commented
5 years ago Is the solution to add a privacy and logging policy, and accept notification to the user?
I can add this to the frontend and add it into our repo as well
olivercoad
commented
5 years ago That would be another potential solution.
olivercoad
commented
5 years ago FWIW, if we only send the hash of user input to server then it would make solving #18 unnecessary.
Because people are human, some may think it is a good idea to put their passwords in for some reason. Unfortunately, since this sends an api request to the server, which keeps logs, we could unintentionally end up with lists of passwords.
A solution could be to pre-hash all values on all clients before sending them to the server, so that no logs of user input is kept while still being able to cache requests. This would mean that when checking a file, there are three hashing steps: