-
Notifications
You must be signed in to change notification settings - Fork 0
Security Issues
Jesse E edited this page Nov 3, 2019
·
3 revisions
Information Retention: In order to protect the privacy of our users, we have decided to keep as much data and as many of the calculations done in this program on the client side. By not sending all of the data back to the server there is less of a risk of it being intercepted. As well, if our system is compromised in the future there will be a lack of stored data to access.
Possible Vulnerabilities: We are trying to minimize the amount of ways our system could be compromised by providing an open source license and working through any bugs as they become known. That being said, some possible attack vectors are as follows:
- Man-in-the-Middle Attacks: This could be used to alter the data being sent from our server to our client in a malicious way.
- XSS attacks: Injection attacks could be used on the client side to infect other web-pages if our system became compromised
- Forwarding and Redirect Attacks: If the data is not properly validated, malicious parties could use the functionality of the application to forward the user to a potentially harmful site.