cyxou / firefly-iii-telegram-bot

Firefly III Telegram bot for faster interaction with the service.
GNU General Public License v3.0

Limit bot usage to only known Telegram users #17

Open cyxou opened 1 year ago

cyxou commented 1 year ago

The choice of bot name determines its discoverability by any Telegram user, who may attempt to utilize it for their own purposes. This could potentially result in unauthorized access to your Firefly III instance data, which is highly undesirable. Although the bot is designed to require the user to provide the Firefly instance URL and Access Token to access or manipulate the data, a safer approach would be to restrict bot usage to specific Telegram user IDs through an environment variable. This way, when an unauthorized user attempts to initiate the bot, a message will be displayed indicating that the bot is intended for private use only, and they should refrain from using it.

cyxou commented 1 year ago

The issue relates to this comment: https://github.com/cyxou/firefly-iii-telegram-bot/issues/16#issuecomment-1569043253
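
A sketch of the restriction proposed in this issue, added here as an example and not taken from the project's code: the allowlist is parsed from an environment variable and every incoming update is checked against it before any handler runs. The variable name `ALLOWED_TELEGRAM_USER_IDS`, the function names, and the choice to deny everyone when the list is empty are assumptions of this example.

```javascript
// Added example. ALLOWED_TELEGRAM_USER_IDS is an assumed variable name,
// not a setting taken from the project.
const PRIVATE_NOTICE = "This bot is for private use only.";

// Parse a comma-separated list of numeric Telegram user IDs.
// A malformed entry throws, so a typo cannot silently change who is allowed.
function parseAllowedUserIds(raw) {
  const ids = new Set();
  for (const part of String(raw ?? "").split(",")) {
    const item = part.trim();
    if (item === "") continue;
    if (!/^[1-9]\d*$/.test(item)) {
      throw new Error(`Invalid Telegram user ID in allowlist: "${item}"`);
    }
    ids.add(item); // stored as strings and compared as strings
  }
  return ids;
}

// Bot API update types that carry the acting user in `from`.
const SENDER_FIELDS = ["message", "edited_message", "callback_query", "inline_query"];

// Return the sender's user ID as a string, or null when the update has none
// (for example a channel post).
function senderId(update) {
  for (const field of SENDER_FIELDS) {
    const id = update?.[field]?.from?.id;
    if (id !== undefined && id !== null) return String(id);
  }
  return null;
}

// Fail closed: an empty allowlist or an update without a sender is denied.
// `reply` is the notice to send back, or null when there is nobody to answer.
function authorize(update, allowed) {
  const userId = senderId(update);
  const ok = userId !== null && allowed.has(userId);
  return { allowed: ok, userId, reply: ok || userId === null ? null : PRIVATE_NOTICE };
}

// Constructed sample data; in a bot the string would come from
// process.env.ALLOWED_TELEGRAM_USER_IDS and the updates from Telegram.
const allowlist = parseAllowedUserIds("111111111, 222222222");
for (const update of [
  { message: { from: { id: 111111111 }, text: "/start" } },
  { message: { from: { id: 333333333 }, text: "/start" } },
  { channel_post: { chat: { id: -1001 }, text: "hi" } },
]) {
  console.log(JSON.stringify(authorize(update, allowlist)));
}
```

The check belongs ahead of every handler, including the ones that ask for the Firefly III URL and access token, so an unlisted user never reaches the configuration flow.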