rabbibotton / clog

CLOG - The Common Lisp Omnificent GUI

handle-new-connection seems insecure given that connection ids are serial numbers #174

Closed shakatoday closed 2 years ago

shakatoday commented 2 years ago

https://github.com/rabbibotton/clog/blob/29fb063ad612d4caff30cef2ac6ba8f69e1355d0/source/clog-connection.lisp#L176-L179

An attacker can first get the currently generated IDs (which are now serial numbers) to learn the current range of possible ids. Then, the attacker could steal others' connections with ws://HOST/clog?r=CONNECTION_ID.

rabbibotton commented 2 years ago

Will address that this week.

rabbibotton commented 2 years ago

I updated how the ids are generated. Ideally you are also using https when security is an issue as well.
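One way to make the reconnect id unguessable, as an added Common Lisp example that is not CLOG's own code: draw the id from the OS entropy source instead of a serial counter, so that probing `?r=` across a numeric range finds nothing. It assumes a Unix-like host exposing /dev/urandom; the function and variable names are hypothetical.

```lisp
;; Added example (not CLOG's own code): random connection ids in place of
;; a serial counter. Assumes /dev/urandom is available; names are hypothetical.
(defparameter *connection-id-bytes* 16
  "128 bits of entropy per id; a serial counter has effectively none.")

(defun read-os-random-bytes (n)
  "Return a vector of N bytes read from the OS CSPRNG (/dev/urandom)."
  (let ((buf (make-array n :element-type '(unsigned-byte 8))))
    (with-open-file (s "/dev/urandom" :element-type '(unsigned-byte 8))
      (unless (= (read-sequence buf s) n)
        (error "Short read from /dev/urandom")))
    buf))

(defun bytes-to-hex (bytes)
  "Hex-encode BYTES so the id is safe to carry in a query string."
  (with-output-to-string (out)
    (loop for b across bytes do (format out "~(~2,'0x~)" b))))

(defun make-connection-id ()
  "Fresh 32-hex-character id that cannot be derived from earlier ids."
  (bytes-to-hex (read-os-random-bytes *connection-id-bytes*)))

;; Server side: the id -> connection table is keyed by the random string,
;; so an unknown id on ws://HOST/clog?r=... simply fails to resolve.
(defvar *connections* (make-hash-table :test #'equal))

(defun register-connection (connection)
  "Store CONNECTION under a fresh random id and return that id to the client."
  (let ((id (make-connection-id)))
    (setf (gethash id *connections*) connection)
    id))

(defun lookup-connection (id)
  "Return the connection bound to ID, or NIL when the id is unknown."
  (values (gethash id *connections*)))
```

Serving the page over https/wss, as the maintainer notes, keeps the id from being read off the wire; the random id only protects against guessing.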