Closed SRGOM closed 4 years ago
I had the same thought when I implemented this.
It'd be cool but spooky.
It's a temporary hack. Once the accounts window works, there will be normal authentication.
It is really spooky. If you stole the Slack session cookie, you could also steal all the others found in the Firefox profile. You must support Slack OAuth.
Yea, this is really unnerving. I feel like I need to invalidate all my firefox sessions now. What did you do?
I'd like it if you addressed how this is happening; I won't be downloading Volt until this is addressed. Having said that, I'm sure you're not doing anything out of malice, just, as you said, as a hack.
Lol that's what you guys get for running proprietary software.
@xdave More like "that's what you get for not setting up file permissions correctly".
It's actually quite simple. The Firefox cookie jar file is not encrypted in any way and it's a simple SQLite file stored in the user profile folder. Any app can do the same, unless you run it sandboxed in some way. It's not specific to Volt in any way. You can use Ghidra, IDA or similar software to see how it works (unless this code has been removed); it's not some insanely complex hack. It definitely would be a good idea to ask the user for permission and give the user the option to extract the authentication token manually.
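An added example, not part of the thread and not Volt's code: a read-only audit of the point made in the two comments above, reporting for each Firefox profile whether `cookies.sqlite` is a plain SQLite file and which accounts can read it, without opening any cookie data. The `~/.mozilla/firefox` root and the `audit_cookie_stores` name are assumptions.

```python
import os
import stat
from pathlib import Path

# Every unencrypted SQLite database starts with these 16 bytes.
SQLITE_MAGIC = b"SQLite format 3\x00"


def audit_cookie_stores(profiles_root):
    """Report on each <profile>/cookies.sqlite under profiles_root.

    Only file metadata and the 16-byte header are inspected; no cookie
    rows are read.
    """
    findings = []
    for db in sorted(Path(profiles_root).glob("*/cookies.sqlite")):
        mode = stat.S_IMODE(db.stat().st_mode)
        with open(db, "rb") as fh:
            plain = fh.read(16) == SQLITE_MAGIC
        findings.append({
            "path": str(db),
            "mode": oct(mode),
            # True means the jar is ordinary SQLite with no encryption layer.
            "plain_sqlite": plain,
            # Tightening permissions fixes this case...
            "other_users_can_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            # ...but not this one: every program the user runs passes this
            # check unless it is confined by a sandbox.
            "same_user_can_read": os.access(db, os.R_OK),
        })
    return findings


if __name__ == "__main__":
    root = Path.home() / ".mozilla" / "firefox"  # assumed Linux default location
    for finding in audit_cookie_stores(root):
        print(finding)
```

A mode of `0o600` clears `other_users_can_read`, yet `same_user_can_read` stays true, which is why the comment above points to sandboxing rather than file permissions.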
I just like how obnoxious communists are paranoid about everything. How do you know @xdave that your washing machine does not have a hidden bomb and your grinder doesn't have a sensor to detect how close your head is to it?
Well ok. That has to be one of the strangest closing issue comments I've ever seen. Obnoxious communists? Hidden bombs?
This project is super sketchy. Never getting near it again.
@Fingel SRGOM is not an author or maintainer of this project, only this issue. I already reported him to GH support.
You want to report someone for closing their own issue?
@Luckz no, just for an unproductive comment.
Unproductive comments here:
that's what you guys get for
This project is super sketchy.
¯\(ツ)/¯
Volt won't be doing this in a new release.
It's a bit spooky how I opened Slack for the first time in my life today and then downloaded Volt and it opened that channel. Honestly it's cool but weird. How did you do this? Do you go read Firefox history?