Comments (2)
Yeah :| I'm still trying to decide what's the best strategy for implementing the first-time setup.
- it opens up a vulnerability where anybody from the internet, prior to running the first-time setup, can create an admin-level user and hijack the server
- it just doesn't make much sense as it is... plus, the check the server does to determine if you can run the first-time setup is a bit hacky (basically it just queries the database for users and if the query returns more than 0 rows, it returns HTTP status 401)
The first-time setup page is hard-coded into the Go program, to have control over when it is displayed and when it is not (the other alternative is JavaScript and Angular partials, but users can always use "View Source").
A temporary solution to the link problem is to add extra checks to the login page Angular controller.
from epitome.
I don't see a problem with the 401, the check must be done if someone tries to get the resource, and it doesn't matter if it is because they clicked on a link or they wrote the URL to the browser/curl. The hiding of the link is just to have a better UI, so using JS to do that is OK.
from epitome.
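One way to close the window described in the thread, where anyone can create the admin before the operator runs the first-time setup, is to keep the server-side user-count check that returns 401 and additionally require a one-time token printed on the server console. This is an added example, not code from epitome; `setupStatus`, `setupHandler`, `countUsers` and the `X-Setup-Token` header are hypothetical names.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"net/http"
)

// newSetupToken returns a random one-time token that the operator reads from the server console.
func newSetupToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no secure randomness available: refuse to start
	}
	return hex.EncodeToString(b)
}

// setupStatus decides the response to a first-time setup request.
// userCount stands in for the "query the database for users" check from the thread.
func setupStatus(userCount int, presented, expected string) int {
	if userCount > 0 {
		return http.StatusUnauthorized // setup already done: the 401 discussed above
	}
	if expected == "" || subtle.ConstantTimeCompare([]byte(presented), []byte(expected)) != 1 {
		return http.StatusForbidden // without the console token nobody may create the admin
	}
	return http.StatusOK
}

// setupHandler wires the decision into net/http. countUsers is a hypothetical
// database lookup and X-Setup-Token a hypothetical header name.
func setupHandler(countUsers func() int, token string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		status := setupStatus(countUsers(), r.Header.Get("X-Setup-Token"), token)
		if status != http.StatusOK {
			http.Error(w, http.StatusText(status), status)
			return
		}
		fmt.Fprintln(w, "first-time setup allowed") // the admin user would be created here
	}
}

func main() {
	token := newSetupToken()
	fmt.Println("setup token:", token)
	h := setupHandler(func() int { return 0 }, token) // constructed: empty user table
	_ = h                                             // mount with http.Handle("/setup", h)
}
```

The count check and the creation of the admin user should run in one database transaction, so two concurrent setup requests cannot both pass the check.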