ctnadovich / randowizard

Randonneuring.org web application
GNU Affero General Public License v3.0

Event parameters that control options in eBrevet #25

Open ctnadovich opened 5 months ago

ctnadovich commented 5 months ago

It would be useful if options for eBrevet could be selected on a per-event/region/control basis. For example, the proximity_radius could be set this way, as well as other "developer" options like the one that ignores control open/close times. Security/authentication issue?

ctnadovich commented 4 months ago

Regarding security/auth, it seems that nothing authenticates future_events. A malicious user of eBrevet could direct their app to their own altered copy of future_events, with altered parameters, and yet still post checkins to the real region server. The checkins themselves are authenticated, but a malicious future_events copy could alter control locations. If proximity radius could also be set, then all sorts of shenanigans could ensue.

ctnadovich commented 4 months ago

This issue should be put on hold till an auth signature is added to future_events and the app verifies this signature.

ctnadovich commented 4 months ago

future_events now has an auth signature. No support in eBrevet yet.
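The check the thread asks for, as an added sketch that is not randowizard or eBrevet code: verify the signature on future_events before trusting control locations or a per-event proximity_radius. The HMAC-SHA256 scheme, the `signature` field, the key, and the document layout are all assumptions, since the thread does not describe the actual signature format.

```python
import hashlib
import hmac
import json

# Constructed key for this example only (assumption; the real key handling is not on the page).
SIGNING_KEY = b"constructed-example-key"

def canonical_bytes(doc):
    """Serialize deterministically so signer and verifier hash identical bytes."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode("utf-8")

def split_and_tag(doc, key):
    """Return (body without the hypothetical 'signature' field, hex HMAC of that body)."""
    body = {k: v for k, v in doc.items() if k != "signature"}
    return body, hmac.new(key, canonical_bytes(body), hashlib.sha256).hexdigest()

def sign_future_events(doc, key=SIGNING_KEY):
    """Server side: attach the signature to a future_events document."""
    body, tag = split_and_tag(doc, key)
    return {**body, "signature": tag}

def verified_parameters(doc, key=SIGNING_KEY):
    """Verifier side: return the event body only if the signature matches."""
    claimed = doc.get("signature")
    if not isinstance(claimed, str):
        raise ValueError("future_events has no signature")
    body, expected = split_and_tag(doc, key)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), claimed.encode()):
        raise ValueError("future_events signature mismatch")
    return body

def is_trusted(doc, key=SIGNING_KEY):
    try:
        verified_parameters(doc, key)
        return True
    except ValueError:
        return False

# Constructed sample document; the field layout is assumed, not taken from randowizard.
GENUINE = sign_future_events({
    "event_list": [{
        "event_id": "EXAMPLE-1",
        "proximity_radius": 500,
        "controls": [{"name": "Start", "lat": 40.0, "long": -75.0}],
    }]
})
```

With a shared HMAC key the verifier also holds the signing key; when the verifier is the app itself, a public-key signature gives the same check without shipping a signing secret in the app.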