search

cytoscape / cy-ndex-2

A Cytoscape client app for the NDEx database
MIT License
0 stars 2 forks source link

User-Agent can leak sensitive information #49

Closed jovimon closed 2 years ago

jovimon commented 5 years ago

User-Agent can leak sensitive information (company internal username of the user of the app) to the Internet if app installed under user home directory.

Example: User-Agent: C:\Users\<internal_user_ID>\CytoscapeConfiguration\jxbrowser

Problem is on this line: https://github.com/cytoscape/cy-ndex-2/blob/1f001eada37f73f979a851d99b8cad360306bc8d/src/main/java/org/cytoscape/cyndex2/internal/util/BrowserManager.java#L209

It should be commented or some standard value passed so the internal username doesn't get leaked to the network.

Thank you very much.

jingjingbic commented 2 years ago

Jxbrowser is no longer used in Cy-NDEx-2.