URL query is insecure #156

Closed
r3m0t opened this issue Feb 18, 2023 · 3 comments

r3m0t commented Feb 18, 2023

Hi, instead of using the ? query in the URL, it would be more secure to use the # fragment, as this is not sent to the server hosting the encrypted page.

quinncomendant commented Feb 22, 2023

I just came here to suggest this. Using URL query params causes the secret key to be saved to server access logs.

Better to use the key with a hash mark, e.g.:

example_encrypted.html#b91643e123aad6c3565f273a71bf752231c0704342f81438d8a2e964442dbb47

robinmoisson (Owner) commented

This is a great idea, thank you for the suggestion!

robinmoisson self-assigned this Feb 22, 2023
robinmoisson moved this to Planned this version in StatiCrypt roadmap Feb 25, 2023
github-project-automation bot moved this from Planned this version to Done in StatiCrypt roadmap Mar 29, 2023

robinmoisson (Owner) commented

Done & released, we also use fragments for logout, that way nothing staticrypt related is ever sent to the server. Thanks for the suggestion!
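
The difference discussed in this thread, as an added example that is not part of the issue or of StatiCrypt's code: it shows what the server receives for each link style, how a page script can read the key from the fragment, and how to audit access logs for keys that were already sent in a query string. The parameter name `key`, the host, the helper names and the log lines are assumptions constructed for illustration.

```javascript
// Added example. The parameter name "key", the host and the log lines are
// constructed for illustration; they are not StatiCrypt's own.
const SAMPLE_KEY = "0123456789abcdef".repeat(4); // constructed 64-hex secret

// The request target is path + query only; the fragment never leaves the browser.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Client side: read the secret from "#<hex>" or "#key=<hex>".
function keyFromFragment(link, name = "key") {
  const frag = new URL(link).hash.slice(1);
  if (frag === "") return null;
  return frag.includes("=") ? new URLSearchParams(frag).get(name) : frag;
}

// Audit: report requests whose query string carried a long hex value, so the
// affected keys can be rotated. The secret itself is not returned.
function findLeakedKeys(logLines) {
  const hits = [];
  for (const line of logLines) {
    const m = /"[A-Z]+ (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;
    const u = new URL(m[1], "http://log.invalid");
    for (const [param, value] of u.searchParams) {
      if (/^[0-9a-f]{32,}$/i.test(value)) hits.push({ path: u.pathname, param });
    }
  }
  return hits;
}

const queryLink = `https://example.com/example_encrypted.html?key=${SAMPLE_KEY}`;
const fragmentLink = `https://example.com/example_encrypted.html#${SAMPLE_KEY}`;

// Constructed access-log lines: one request per link style.
const sampleLog = [
  `203.0.113.7 - - [22/Feb/2023:10:00:00 +0000] "GET ${requestTarget(queryLink)} HTTP/1.1" 200 5120`,
  `203.0.113.7 - - [22/Feb/2023:10:05:00 +0000] "GET ${requestTarget(fragmentLink)} HTTP/1.1" 200 5120`,
];

console.log(requestTarget(queryLink));    // key is part of the request line
console.log(requestTarget(fragmentLink)); // key is absent
console.log(findLeakedKeys(sampleLog));   // only the query-style request is flagged
```

The fragment is still stored in browser history and is readable by any script running on the page, so this change removes only the server and its logs from the exposure path.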
