toeverything / AFFiNE

There can be more than Notion and Miro. AFFiNE (pronounced [ə‘fain]) is a next-gen knowledge base that brings planning, sorting and creating all together. Privacy first, open-source, customizable and ready to use.
https://affine.pro

Potential security breach of desktop app #4557

Closed pengx17 closed 3 months ago

pengx17 commented 1 year ago

What happened?

In the current workflow, a bad guy could make a fake electron app, register the same scheme like affine:// and intercept the user token.

Distribution version

macOS x64 (Intel)

What browsers are you seeing the problem on if you're using web version?

No response

Relevant log output

No response

Anything else?

No response

Are you willing to submit a PR?

HeJiachen-PM commented 1 year ago

You good boy against the bad guy


affine-issue-bot[bot] commented 8 months ago

Issue Status: 💡 Open


We want to implement the fix or feature in the near future. We can’t promise it will appear in the next public release, but it’s on our short list.

This is an automatic reply by the bot.

forehalo commented 3 months ago

planned in new auth system
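The interception described in the issue, together with one standard mitigation for it (PKCE, RFC 7636), as an added example that is not part of this thread and not AFFiNE's code or its planned fix. `AuthServer`, `startLogin`, `simulate` and the `affine://auth/callback` path are hypothetical names, and the server is an in-memory stand-in.

```javascript
// Added example, not AFFiNE code. AuthServer and the callback path are hypothetical.
const { createHash, randomBytes, timingSafeEqual } = require('node:crypto');

const b64url = (buf) => buf.toString('base64url');
const sha256 = (text) => b64url(createHash('sha256').update(text).digest());
const codeFrom = (deepLink) => new URL(deepLink).searchParams.get('code');

class AuthServer {
  constructor() { this.codes = new Map(); }

  // Browser step: after sign-in, issue a one-time code bound to the challenge.
  // The deep link carries only this code, never a session token.
  authorize(user, codeChallenge) {
    const code = b64url(randomBytes(16));
    this.codes.set(code, { user, codeChallenge });
    return `affine://auth/callback?code=${code}`;
  }

  // App step: a code is burned on first use, whether or not the verifier matches.
  redeem(code, codeVerifier) {
    const entry = this.codes.get(code);
    this.codes.delete(code);
    if (!entry || typeof codeVerifier !== 'string') return null;
    const expected = Buffer.from(entry.codeChallenge);
    const actual = Buffer.from(sha256(codeVerifier));
    if (expected.length !== actual.length || !timingSafeEqual(expected, actual)) return null;
    return { user: entry.user, token: b64url(randomBytes(32)) };
  }
}

// The app that starts the login keeps the verifier in memory and sends only its hash.
function startLogin() {
  const codeVerifier = b64url(randomBytes(32));
  return { codeVerifier, codeChallenge: sha256(codeVerifier) };
}

function simulate() {
  const server = new AuthServer();
  // Login 1: the deep link is delivered to another app registered for affine://.
  const first = startLogin();
  const impostor = server.redeem(codeFrom(server.authorize('alice', first.codeChallenge)),
    startLogin().codeVerifier); // it can only supply a verifier of its own
  // Login 2: the deep link reaches the app that started the flow.
  const second = startLogin();
  const code = codeFrom(server.authorize('alice', second.codeChallenge));
  const genuine = server.redeem(code, second.codeVerifier);
  const replay = server.redeem(code, second.codeVerifier); // same code again
  return { impostor, genuine, replay };
}
```

This binds the code to the app instance that started the login; it does not identify which application that was, so RFC 8252 pairs it with a claimed `https` redirect or a loopback redirect where the platform supports one.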