Skip to content

[🔴 FIXING A MAJOR VULNERABILITY 🔴] How do we keep the Scratch session ID a secured confidential secret? #5

Open
Task
Open
[🔴 FIXING A MAJOR VULNERABILITY 🔴] How do we keep the Scratch session ID a secured confidential secret?#5
Task
Assignees
yoyomonemjayz3314
Labels
help wantedExtra attention is neededissue fixThis fixes an issue (it's a sub-issue or has its own issue)questionFurther information is requestedsub-issueThis is a sub-issue of an issue⚠️ VULNERABILITY ⚠️⚠️ A vulnerability has been found ⚠️🔴 MAJOR VULNERABILITY 🔴🔴 A major vulnerability has been found 🔴
Milestone
ScratchCredit 1.0
@yoyomonem

Description

@yoyomonem
yoyomonem
opened on Jan 18, 2025

Describe the question
We need to keep the Scratch session ID a secured confidential secret while also updating it in case it ever changes. But how?

@jayz3314 said:
The scratch session id is not in a secret, which means anybody can access it and use it for bad things.
(taken from #1)

NECESSARY MENTION: @ScratchCredit/developers

Metadata

Metadata

Assignees

Labels

help wantedExtra attention is neededissue fixThis fixes an issue (it's a sub-issue or has its own issue)questionFurther information is requestedsub-issueThis is a sub-issue of an issue⚠️ VULNERABILITY ⚠️⚠️ A vulnerability has been found ⚠️🔴 MAJOR VULNERABILITY 🔴🔴 A major vulnerability has been found 🔴

Type

Task

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions