tatey
commented
4 years ago Should the ID that's returned in the submission actually be a token? That way you can't tamper with other submissions by guessing an auto incrementing ID.
Open tatey opened 4 years ago
tatey
commented
4 years ago Should the ID that's returned in the submission actually be a token? That way you can't tamper with other submissions by guessing an auto incrementing ID.
tatey
commented
4 years ago Should this endpoint have additional protections against abuse? See https://github.com/CrunchyBagel/TracePrivately/issues/37.
tatey
commented
4 years ago Since 8601982 submissions are now limited to a max of 21 keys.
See https://github.com/CrunchyBagel/TracePrivately/issues/21.
Request to
/api/submitcan send through the submission ID which means the keys should be appended to the submission.