Open jeremydouglass opened 5 years ago
thanks for reporting! given that all apps on the web editor are front end only, this is tricky to solve, and also means that (4) isn't really an option. i like (3) as a solution, but the drawback is that sketches wouldn't be able to be run by users that don't own the sketch. i'm not sure how the editor would implement (1) or (2)—it seems like there could be a lot of edge cases, but maybe that's okay.
i also agree this is another reason to add the ability to make sketches private!
For Now We can add the feature of making sketch private.@catarak i can work on this one
Nature of issue?
New feature details:
Currently, people who create sketches on the web editor using API keys are automatically exposing those keys to the world, and may not be aware they are doing so.
Right now searching the web editor for "apiKey" or similar strings https://www.google.com/search?q="apiKey"+site%3Aeditor.p5js.org
...turns up a couple hundred examples from firebase, google maps, the new york times, giphy, mlab.com, pixabay, uifaces.co, wordnik, openweathermap.org, etc. Most of these are low security, but some are not.
Other than a robust private sketch feature, here are some ways of approaching this problem with features: