Uploaded image for project: 'Realtime WYSIWYG Editor'
  1. Realtime WYSIWYG Editor
  2. RTWYSIWYG-42

derive secret key for unique realtime channel IDs

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 1.12
    • None

    Description

      It is trivial to determine a channel's unique key, which makes it possible to interfere with a session while it is in progress.

      Use `websocket.getDocumentKey` to determine a secret key which will restrict editing to users with the correct permissions.

      Attachments

        Activity

          People

            Unassigned Unassigned
            amacsween Aaron MacSween
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: