New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security concerns for client side implementation #13

Closed

ryandotsmith opened this issue Nov 14, 2013 · 4 comments

ryandotsmith commented Nov 14, 2013

I am wondering if it is recommended to use this for tracking client side JS errors. If it is the intent to have this library support client side operation, how should I authenticate my honeybadger requests?

sahin commented Nov 14, 2013

Ryan, we are using honeybadger for a long time in our startup, movielala.com.

there is 2 types of errors u can catch.

window.error
or u can catch inside your try{} catch{}
There is no security issue , because these error will be shown in the console any way or js code....

honeybadger requests , u will add your key in js, this is not a security issue too, because all the key of services like ga, mixpanel, facebook, open to every one... and has a domain name matching... so noone can use it...

I hope these answers your question...

Contributor

starrhorne commented Nov 14, 2013

Hi Ryan,

Yep, this library is intended for client side error tracking.

Your front end api key is not the same as your back-end api key, so the back-end key won't be exposed.

When using the client-side API there's always the possibility that someone could use the JS debug console to send you fake errors. But that's just the nature of client-side JS.

Best,
Starr

starrhorne closed this as completed

Author

ryandotsmith commented Nov 14, 2013

Thanks! I am excited to integrate our client side and server side errors!

Contributor

starrhorne commented Nov 14, 2013

Sweet. :)

If you have any other questions feel free to email us at support@honeybadger.io.

Best,
Starr

subzero10 pushed a commit that referenced this issue


          Bump dependencies by @dependabot

5730c5c

Bump request from 2.83.0 to 2.85.0 (#9)

Bumps [request](https://github.com/request/request) from 2.83.0 to 2.85.0.
- [Release notes](https://github.com/request/request/releases)
- [Changelog](https://github.com/request/request/blob/master/CHANGELOG.md)
- [Commits](request/request@v2.83.0...v2.85.0)

Bump eslint-plugin-promise from 3.6.0 to 3.7.0 (#11)

Bumps [eslint-plugin-promise](https://github.com/xjamundx/eslint-plugin-promise) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/xjamundx/eslint-plugin-promise/releases)
- [Changelog](https://github.com/xjamundx/eslint-plugin-promise/blob/master/CHANGELOG.md)
- [Commits](eslint-community/eslint-plugin-promise@v3.6.0...v3.7.0)

Bump eslint from 3.19.0 to 4.19.1

Bumps [eslint](https://github.com/eslint/eslint) from 3.19.0 to 4.19.1.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/master/CHANGELOG.md)
- [Commits](eslint/eslint@v3.19.0...v4.19.1)

Bump mocha from 3.5.3 to 5.1.1 (#13)

Bumps [mocha](https://github.com/mochajs/mocha) from 3.5.3 to 5.1.1.
- [Release notes](https://github.com/mochajs/mocha/releases)
- [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md)
- [Commits](mochajs/mocha@v3.5.3...v5.1.1)

Bump nock from 9.0.28 to 9.2.5 (#14)

Bumps [nock](https://github.com/node-nock/nock) from 9.0.28 to 9.2.5.
- [Release notes](https://github.com/node-nock/nock/releases)
- [Commits](nock/nock@v9.0.28...v9.2.5)

Bump eslint-plugin-import from 2.8.0 to 2.11.0 (#16)

Bumps [eslint-plugin-import](https://github.com/benmosher/eslint-plugin-import) from 2.8.0 to 2.11.0.
- [Release notes](https://github.com/benmosher/eslint-plugin-import/releases)
- [Changelog](https://github.com/benmosher/eslint-plugin-import/blob/master/CHANGELOG.md)
- [Commits](import-js/eslint-plugin-import@v2.8.0...v2.11.0)

Bump eslint-config-airbnb-base from 11.3.2 to 12.1.0 (#17)

Bumps [eslint-config-airbnb-base](https://github.com/airbnb/javascript) from 11.3.2 to 12.1.0.
- [Release notes](https://github.com/airbnb/javascript/releases)
- [Commits](airbnb/javascript@eslint-config-airbnb-base-v11.3.2...eslint-config-airbnb-base-v12.1.0)

Bump nyc from 11.2.1 to 11.7.1

Bumps [nyc](https://github.com/istanbuljs/nyc) from 11.2.1 to 11.7.1.
- [Release notes](https://github.com/istanbuljs/nyc/releases)
- [Changelog](https://github.com/istanbuljs/nyc/blob/master/CHANGELOG.md)
- [Commits](istanbuljs/nyc@v11.2.1...v11.7.1)

Bump cross-env from 5.1.1 to 5.1.4

Bumps [cross-env](https://github.com/kentcdodds/cross-env) from 5.1.1 to 5.1.4.
- [Release notes](https://github.com/kentcdodds/cross-env/releases)
- [Changelog](https://github.com/kentcdodds/cross-env/blob/master/CHANGELOG.md)
- [Commits](kentcdodds/cross-env@v5.1.1...v5.1.4)

Bump eslint-config-standard from 10.2.1 to 11.0.0

Bumps [eslint-config-standard](https://github.com/standard/eslint-config-standard) from 10.2.1 to 11.0.0.
- [Release notes](https://github.com/standard/eslint-config-standard/releases)
- [Changelog](https://github.com/standard/eslint-config-standard/blob/master/CHANGELOG.md)
- [Commits](standard/eslint-config-standard@v10.2.1...v11.0.0)

Bump codecov from 2.3.1 to 3.0.1

Bumps [codecov](https://github.com/codecov/codecov-node) from 2.3.1 to 3.0.1.
- [Release notes](https://github.com/codecov/codecov-node/releases)
- [Commits](codecov/codecov-node@v2.3.1...v3.0.1)

Bump eslint-plugin-standard from 3.0.1 to 3.1.0

Bumps [eslint-plugin-standard](https://github.com/xjamundx/eslint-plugin-standard) from 3.0.1 to 3.1.0.
- [Release notes](https://github.com/xjamundx/eslint-plugin-standard/releases)
- [Commits](standard/eslint-plugin-standard@v3.0.1...v3.1.0)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment