author Joey Hess <joey@kitenet.net> 2012-07-26 13:47:41 -0400
committer Joey Hess <joey@kitenet.net> 2012-07-26 13:47:41 -0400
commit f3efc6dc93b4d4e5054f8a874bd4657245ffb885
tree 2403b96a042cf0b60ae5720204742dabe000c580
parent e15878d9e2e89eaab2c3f42a841b1656d8a929bc
update
-rw-r--r-- doc/design/assistant/webapp.mdwn 3
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/design/assistant/webapp.mdwn b/doc/design/assistant/webapp.mdwn
index 66561ab6f..fe910c197 100644
--- a/doc/design/assistant/webapp.mdwn
+++ b/doc/design/assistant/webapp.mdwn
@@ -7,6 +7,9 @@ The webapp is a web server that displays a shiny interface.
token. This guards against other users on the same system. **done**
(I would like to avoid passwords or other authentication methods,
it's your local system.)
+* Don't pass the url with secret token directly to the web browser,
+ as that exposes it to `ps`. Instead, write a html file only the user can read,
+ that redirects to the webapp. **done**
* Alternative for Linux at least would be to write a small program using
GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding
needing authentication.
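Review bot: The added bullet's "write a html file only the user can read" does not say how the file gets its permissions, and that is the part that matters. If the file is created with default permissions and restricted afterwards, another user on the same system can read the token in the gap, which is the same exposure the bullet removes from `ps`. Suggest saying the file is created owner-only (for example mode 0600) before the token is written to it, and noting where the file lives and whether it is removed once the redirect has happened. Minor: "a html file" should read "an HTML file".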