This repository has been archived by the owner on Jan 28, 2023. It is now read-only.

Security risk - printing raw server key #235

Open
YouHaveTrouble opened this issue Feb 9, 2021 · 1 comment


@YouHaveTrouble
Contributor

There is currently a security risk with WooMinecraft logging the connection URL when it gets an unexpected response.

It isn't a given that all people who have access to the console have access to the WooCommerce shop key. This can result in possible sabotage where someone would set up a server with the key and redeem the purchases there instead of on the server they are supposed to be redeemed on.

The best way to fix this is to send the server key in a header instead of in the URL, and display the data based on the header rather than the raw URL on the WP plugin side.

@JayWood
Member

JayWood commented Feb 13, 2021

Valid point, this seems like a regression as I was originally replacing the server key, not sure what happened.

@JayWood JayWood added this to the Next Release milestone Feb 13, 2021
@JayWood JayWood added this to TODO in Next Release Feb 13, 2021
@JayWood JayWood added this to To do in 2.0 Release Dec 27, 2021
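
The two mitigations discussed in this thread (masking the key before anything is logged, and moving the key from the URL into a request header) can be sketched as follows. This is an added example, not WooMinecraft's code: the class name, the header name `X-Example-Server-Key`, the endpoint and the key value are all hypothetical or constructed, and it assumes Java 11+ for `java.net.http`.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpRequest;
import java.nio.charset.StandardCharsets;

public class KeySafeLogging {
    // Hypothetical header name; the WordPress side would have to read the same header.
    static final String KEY_HEADER = "X-Example-Server-Key";
    static final String MASK = "[REDACTED]";

    /** Mask the key, raw or URL-encoded, in any text that is about to be logged. */
    static String redact(String text, String serverKey) {
        if (text == null || serverKey == null || serverKey.isEmpty()) {
            return text;
        }
        String encoded = URLEncoder.encode(serverKey, StandardCharsets.UTF_8);
        return text.replace(serverKey, MASK).replace(encoded, MASK);
    }

    /** Build the request with the key in a header, so the URL itself holds no secret. */
    static HttpRequest buildRequest(String endpoint, String serverKey) {
        return HttpRequest.newBuilder(URI.create(endpoint))
                .header(KEY_HEADER, serverKey)
                .GET()
                .build();
    }

    /** Console message for an unexpected response: method, URI and status, never headers. */
    static String describeFailure(HttpRequest request, int status, String serverKey) {
        String line = "Unexpected response " + status + " for "
                + request.method() + " " + request.uri();
        return redact(line, serverKey); // still masked in case the key reappears in the URI
    }

    public static void main(String[] args) {
        String key = "constructed key/123";                       // constructed sample value
        String endpoint = "https://shop.example/wp-json/example/v1/orders"; // hypothetical

        // Key-in-URL style the issue describes: masking must cover the encoded form too.
        String legacyUrl = endpoint + "?key=" + URLEncoder.encode(key, StandardCharsets.UTF_8);
        System.out.println(redact("Unexpected response 500 for GET " + legacyUrl, key));

        // Header style proposed in the issue: the logged URI carries nothing to mask.
        HttpRequest request = buildRequest(endpoint, key);
        System.out.println(describeFailure(request, 500, key));
    }
}
```

Masking only the raw key would miss the first case, because the key appears percent-encoded in the URL; with the header approach the failure message never needs the key at all, provided request headers are kept out of the log.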