[WUT] AdamLvl 13
- Windows
Letti42 "it's a feature not a bug 🤓"
[WUT] AdamLvl 13
- Windows
but seriously there's like 4 people on the entire site who would know how to do that and none of them seem to care enough.
Letti42Lvl 6
- Edited
- Windows
[WUT] Adam Wait 'til i make it open source >:)
[WUT] AdamLvl 13
- Edited
- Windows
Letti42 oH nO letti's gonna make...
checks notes
a script that repeatedly removes __proto__ from a table open source...
...
am i supposed to react to this
ackvonhuelioLvl 41
- iPhone
Letti is the best
Letti42Lvl 6
- Windows
[WUT] Adam What I'm trying to point out is that we all know code.org's security is flawed, so we should do something about it. __proto__ isn't a solution, it's just a barrier, an obstacle. If you want your projects to be safe, you need to adopt other methods to secure your stored data - which is what I have done and have been doing for several months now.
personLvl 62
haha that's cool but like one problem, 80 percent of the people here are too stupid to do that (including me)
[WUT] AdamLvl 13
- Edited
- Windows
Letti42 honestly though, code.org isn't meant for big projects in the first place. if you want to actually make something big, you need to learn how to move on.
- Mac OS
[WUT] Adam I am going to make something big to spite you.
[WUT] AdamLvl 13
- Windows
-wyi You could, for example, use loadImage() in combination with a backend. Or, for a less secure, but faster approach, you could use keyvalues as a makeshift HTTP request system, and have a backend constantly read keyvalues and set them accordingly.
[WUT] AdamLvl 13
- iPhone
Using keyvalues as a mock HTTP setup is insecure in the sense that anyone can read what is sent, and anyone could also send fake data back to the frontend if they set the return keyvalue quickly enough.
[WUT] AdamLvl 13
- iPhone
Using loadImage() is much more secure, but it has more of a performance impact on the frontend because you have to decode the returned value using a canvas, which also means it only works in App Lab.
Letti42Lvl 6
- Windows
[WUT] Adam I was talking with Robot and we were discussing the possibility of a makeshift JWT authentication system for Applab and utilizing record tables to send POST requests. The idea was that the user would send a normal GET request using getImageData with either the username and password or the user ID as payload to the backend. The server would send back the usual response - a status code, some body data, and more importantly, a key that would be used to encrypt messages.
When any data gets transferred, the key shifts to something new so that the messages between the user and backend stay secure. Your users' data also stays secure, as all the storage would be hidden and decentralized. Being handled by the hosted server, you could monitor all the actions with a REAL audit log, and even have saved backups.
It sounds like a lot to do, but it's very straightforward (in theory), a lot of it I'd done already in my Photop in CDO mini-project. I could make a quick example if you'd like to see how it actually works.
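Added example, not part of the thread and not either poster's code: a Node.js sketch of the shifting-key idea in the post above, showing how it also rejects the fake or replayed replies that the earlier keyvalue post warns about. The `Channel` class, the `ratchet` function and the sample messages are hypothetical, and it assumes the first key reached the client over the private image request rather than a public keyvalue.

```javascript
// Added illustration: runs under Node.js (backend side); all names are hypothetical.
const crypto = require('node:crypto');

// One-way step: the next key is derived from the current key,
// so learning a later key does not reveal earlier ones.
function ratchet(key) {
  return crypto.createHmac('sha256', key).update('ratchet').digest();
}

class Channel {
  constructor(key) { this.key = key; }  // 32-byte key shared by both sides

  // Encrypt and authenticate with AES-256-GCM, then shift the key.
  seal(plaintext) {
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', this.key, iv);
    const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
    const msg = Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
    this.key = ratchet(this.key);
    return msg;
  }

  // Returns the plaintext, or null for forged, tampered or replayed input.
  // The key only shifts after a message verifies.
  open(msg) {
    const raw = Buffer.from(msg, 'base64');
    if (raw.length < 28) return null;   // 12-byte IV + 16-byte tag minimum
    try {
      const d = crypto.createDecipheriv('aes-256-gcm', this.key, raw.subarray(0, 12));
      d.setAuthTag(raw.subarray(12, 28));
      const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
      this.key = ratchet(this.key);
      return pt;
    } catch (e) {
      return null;
    }
  }
}

function demo() {
  const k0 = crypto.randomBytes(32);    // constructed: stands in for the key from login
  const client = new Channel(k0), server = new Channel(k0);
  const req = client.seal('{"op":"save","score":10}');
  const got = server.open(req);         // accepted once
  const replay = server.open(req);      // same bytes again: key has shifted
  const forged = client.open(Buffer.alloc(40, 1).toString('base64')); // no key
  const reply = client.open(server.seal('{"status":200}'));
  return { got, replay, forged, reply };
}
```

Both sides must process messages in the same order; a dropped message desynchronizes the keys and the session has to be re-established.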
Letti42Lvl 6
- Windows
[WUT] Adam That's why I don't cry when my projects get hacked :)
personLvl 62
how about make something that's so useless there is no point in hacking it