author | Joey Hess <joey@kitenet.net> | 2012-07-26 13:47:41 -0400 |
---|---|---|
committer | Joey Hess <joey@kitenet.net> | 2012-07-26 13:47:41 -0400 |
commit | f3efc6dc93b4d4e5054f8a874bd4657245ffb885 (patch) | |
tree | 2403b96a042cf0b60ae5720204742dabe000c580 /doc/design/assistant | |
parent | e15878d9e2e89eaab2c3f42a841b1656d8a929bc (diff) |
update
Diffstat (limited to 'doc/design/assistant')
-rw-r--r-- | doc/design/assistant/webapp.mdwn | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/doc/design/assistant/webapp.mdwn b/doc/design/assistant/webapp.mdwn index 66561ab6f..fe910c197 100644 --- a/doc/design/assistant/webapp.mdwn +++ b/doc/design/assistant/webapp.mdwn @@ -7,6 +7,9 @@ The webapp is a web server that displays a shiny interface. token. This guards against other users on the same system. **done** (I would like to avoid passwords or other authentication methods, it's your local system.) +* Don't pass the url with secret token directly to the web browser, + as that exposes it to `ps`. Instead, write a html file only the user can read, + that redirects to the webapp. **done** * Alternative for Linux at least would be to write a small program using GTK+ Webkit, that runs the webapp, and can know what user ran it, avoiding needing authentication. |
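Review bot: The added bullet under `@@ -7,6 +7,9 @@` says the HTML file is one "only the user can read" but does not say when that restriction takes effect. Suggest stating that the file is created with owner-only permissions before the URL with the secret token is written into it, since a file that is written first and restricted afterwards leaves a window in which other users on the same system can read the token. It would also help to say where the file is written and whether it is removed once the browser has followed the redirect, because the token stays on disk for as long as the file does. Minor wording: "a html file" should read "an HTML file".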