stellar-deprecated / stellar-client

INACTIVE. Browser based client for stellard. This repository is inactive. It points to the stellard network, which is being replaced by stellar-core. Please refer to the replacement repository, interstellar-client, which points to the stellar-core network.

Add utility for debugging user accounts #1138

Closed deckar01 closed 9 years ago

deckar01 commented 9 years ago

Adds a global JavaScript function for logging in and debugging the client with only a username or address.

debugAs('jared')

debugAs('gEbULLfbgv1XHUgxq2C1FWLfKzDie2KWDG')

matschaffer commented 9 years ago

I guess since we have a console warning in place we're probably okay, though this feels like there could be some sort of vector for abuse/attack here.

deckar01 commented 9 years ago

@matschaffer Since this function can only set the address, there is no potential to perform any actions. I can't think of an attack that can be performed by making a victim think they are logged into someone else's account. Besides that, they would have to have at some point entered the command debugAs('username'), which prints a message stating that you are debugging the client.

matschaffer commented 9 years ago

Thanks for the confirmation. Sounds reasonable in that case.

On Wednesday, January 21, 2015, Jared Deckard notifications@github.com wrote:

@matschaffer https://github.com/matschaffer Since this function can only set the address, there is no potential to perform any actions. I can't think of an attack that can be performed by making a victim think they are logged into someone else's account. Besides that, they would have to have at some point entered the command debugAs('username'), which prints a message stating that you are debugging the client.


thejollyrogers commented 9 years ago

:+1: