Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
sli
on Oct 7, 2023
|
parent
|
context
|
favorite
| on:
Show HN: A simple Pastebin Clone using Deno
If the key is just in the URL, what's stopping them from simply obtaining the key out of their access logs and decrypting whatever they want?
leesalminen
on Oct 7, 2023
[–]
Presumably they’re placing it in the # part of the url, which isn’t passed to servers by browsers. Now, of course, the client could still exfiltrate the key with client side JS, but that would be noticeable to anyone that wanted to check.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
