Could I just manually set the likes myself? And what if someone hacks the project and changes the key values? Then what? People have tried making this in the past and have done it the exact same way with the very same security flaws. Next time when someone comes across that code and edits the likes or views counter, don't put all the blame on code.org's poor security.

    Mellow that's not a fix... trust me once you realize how much control you have in the web console it's literally a joke

      Varrience you're at least sorta safe from the kiddos who don't know much bout code


        Mellow Not until someone makes a server that can constantly delete the proto "feature"...

          but seriously there's like 4 people on the entire site who would know how to do that and none of them seem to care enough.

            Letti42 oH nO letti's gonna make...
            checks notes
            a script that repeatedly removes __proto__ from a table open source...

            ...
            am i supposed to react to this

              [WUT] Adam What I'm trying to point out is that we all know code.org's security is flawed, so we should do something about it. proto isn't a solution, it's just a barrier, an obstacle. If you want your projects to be safe, you need to adopt other methods to secure your stored data - which is what I have done and have been doing for several months now.

                haha that's cool but like one problem, 80 percent of the people here are too stupid to do that (including me)

                Mellow it protects ya from gray at, the most common hacker. Still a win.

                Letti42 honestly though, code.org isn't meant for big projects in the first place. if you want to actually make something big, you need to learn how to move on.

                  [WUT] Adam I am going to make something big to spite you.

                  -wyi You could, for example, use loadImage() in combination with a backend. Or, for a less secure, but faster approach, you could use keyvalues as a makeshift HTTP request system, and have a backend constantly read keyvalues and set them accordingly.

                  Using keyvalues as a mock HTTP setup is insecure in the sense that anyone can read what is sent, and anyone could also send fake data back to the frontend if they set the return keyvalue quickly enough.
