noel-friedrich
commented
5 months ago You're right! I'm not publishing the api ("backend") on purpose, since it contains a fair bit of security logic that makes abuse hopefully a little difficult. I'm sure that there's some loopholes that would probably be quite easy to find once that logic is public :)
However, I can tell you that there's a central sql database with a few tables (like the key-value storage) running on the server.
Does that answer your questions? The database logic is quite simple and probably easily replicable. There's a few additional security things that I implemented, but I'm sure you're able to Google a few popular techniques to prevent flooding etc. I'm sure abuse is pretty easy if someone was interested, but as of now, there's no real reward, as there isn't any sensitive data on that same Database.
stet
Hey, cool project. Noticed that some commands rely on api php scripts that do not seem to be in the repo. I could create my own but thought I would ask to see if this was oversight and if they can be included. I think set.php, get.php etc are needed. Or perhaps you can just explain if you are using a db or flat file for storing k/v etc?
Thanks!