probot / smee-client

🔴 Receives payloads then sends them to your local server
https://smee.io
ISC License

[Question] Sniff data with multiple clients #279

Closed LucBerge closed 8 months ago

LucBerge commented 8 months ago

I want to use Smee to forward payloads containing sensitive data (emails, passwords, personal information). What happens if a malicious user gets access to my smee URL https://smee.io/abcd (by pushing it to GitHub, for example)?

He can listen to payloads without me knowing it and access users' sensitive data.

Do you plan to do something for this use case? Limit the number of clients to 1? Whitelist the client IP?

AaronDewes commented 8 months ago

This is not planned currently, please have a look at the server FAQ at https://github.com/probot/smee.io.

Uzlopak commented 8 months ago

You should not use it in production.

LucBerge commented 8 months ago

> You should not use it in production.

Yes, I know, but this is a legitimate question.

Uzlopak commented 8 months ago

We don't plan any changes regarding this.
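
The leak path raised in the question (a channel URL pushed to GitHub) can be checked for before a commit leaves the machine. The following is an added example, not part of the original thread or of the smee project's code; the URL pattern, the `new` exclusion and the sample file contents are assumptions constructed for illustration.

```javascript
// Added example: find smee.io channel URLs in text that is about to be committed.
// Assumption: a channel URL is https://smee.io/<id>, <id> being URL-safe characters.
const SMEE_URL = /\bhttps?:\/\/smee\.io\/([A-Za-z0-9_-]+)/gi;

// Paths on smee.io that are not channels (assumption: "new" only creates a channel).
const NON_CHANNEL_PATHS = new Set(["new"]);

// Keep the first two characters so a report can be matched to a file
// without the report itself disclosing the channel.
function redact(id) {
  return id.slice(0, 2) + "*".repeat(Math.max(id.length - 2, 0));
}

// Returns one finding per channel URL: { file, line, column, redacted }.
function findSmeeUrls(text, file = "<stdin>") {
  const findings = [];
  text.split(/\r?\n/).forEach((lineText, index) => {
    for (const match of lineText.matchAll(SMEE_URL)) {
      const id = match[1];
      if (NON_CHANNEL_PATHS.has(id.toLowerCase())) continue;
      findings.push({
        file,
        line: index + 1,
        column: match.index + 1,
        redacted: `https://smee.io/${redact(id)}`,
      });
    }
  });
  return findings;
}

// Scans a { fileName: content } map and returns all findings in insertion order.
function scanFiles(files) {
  return Object.entries(files).flatMap(([file, text]) => findSmeeUrls(text, file));
}

// Constructed sample input (not from a real repository).
const SAMPLE_FILES = {
  ".env": "PORT=3000\nWEBHOOK_PROXY_URL=https://smee.io/abcd\n",
  "README.md": "Create a channel at https://smee.io/new and keep its URL private.\n",
  "dev.sh": "#!/bin/sh\nsmee --url https://smee.io/Zx9-exampleOnly1\n",
};

for (const f of scanFiles(SAMPLE_FILES)) {
  console.log(`${f.file}:${f.line}:${f.column} smee.io channel URL ${f.redacted}`);
}
```

In a pre-commit hook, pass the output of `git diff --cached` to `findSmeeUrls` and fail the commit when it returns any finding.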