Comments (5)
I didn't obfuscate the `main.js` file to protect the credentials, I did it to protect the code itself from being copied without giving proper credits. I'm using credentials from `rclone`, they are not a secret. And the limits are pretty high. If you use credentials from your own app then at most 100 people will be able to use it unless you verify your app.
I could add a simple override in HTML page like I already did with `showBuilder` and `encryptedIdPrefix`. But your credentials will be stored as a plain text.
If you want to use those credentials just for yourself I could add that feature. Two input fields for client ID and client secret - visible only when you're not logged in.
from gd-efc.
I think I can just obfuscate my own ID and secret and paste them into the code? That way it won't be plain text?
I will verify the app to increase the limits, I guess.
from gd-efc.
No matter how you obfuscate them people will still be able to read them, one way or another.
If I implement it as a set of variables in `index.html` someone can simply open the browser console and type the names of those variables to get the values. If I implement it as a function and for example you call `setCredentials(clientId, clientSecret);` - someone can just open the browser console, type `function setCredentials(a,b){console.log(a,b);}` and re-run your obfuscated code. That's how easy it is to get the credentials. I can still do it, but it won't be secure.
If you want it to be secure you'd have to keep the client secret on your server and do all the authentication on your server. That requires changing even more code.
from gd-efc.
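Added example, not from the thread or from gd-efc: the server-side authorization-code exchange that the comment above describes, in Node.js. The `creds` object, the `store` map and the `sessionId` parameter are assumptions; the endpoint and form fields are those of Google's OAuth 2.0 authorization-code grant.

```javascript
// Added example: the client secret lives only in the server's configuration
// and is never part of anything returned to the browser.
const TOKEN_URL = "https://oauth2.googleapis.com/token"; // Google's OAuth 2.0 token endpoint

// Build the form body for the authorization-code grant.
// `creds` (assumed shape) is loaded server-side, e.g. from environment variables.
function buildTokenRequest(code, redirectUri, creds) {
  if (!creds || !creds.clientId || !creds.clientSecret) {
    throw new Error("server credentials not configured");
  }
  if (typeof code !== "string" || code.length === 0) {
    throw new Error("missing authorization code");
  }
  return new URLSearchParams({
    grant_type: "authorization_code",
    code,
    redirect_uri: redirectUri,
    client_id: creds.clientId,
    client_secret: creds.clientSecret,
  });
}

// Exchange the code the browser received for tokens.
// `store` (hypothetical Map-like object) keeps the refresh token on the server,
// keyed by session; the browser only gets a short-lived access token.
async function exchangeCode({ code, redirectUri, sessionId }, creds, store, fetchImpl = fetch) {
  const res = await fetchImpl(TOKEN_URL, {
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: buildTokenRequest(code, redirectUri, creds).toString(),
  });
  if (!res.ok) {
    throw new Error(`token endpoint returned ${res.status}`);
  }
  const tok = await res.json();
  if (tok.refresh_token) {
    store.set(sessionId, tok.refresh_token);
  }
  // Deliberately a new object: nothing from `creds` or the refresh token leaks out.
  return { access_token: tok.access_token, expires_in: tok.expires_in };
}
```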
> No matter how you obfuscate them people will still be able to read them, one way or another.
> If I implement it as a set of variables in `index.html` someone can simply open the browser console and type the names of those variables to get the values. If I implement it as a function and for example you call `setCredentials(clientId, clientSecret);` - someone can just open the browser console, type `function setCredentials(a,b){console.log(a,b);}` and re-run your obfuscated code. That's how easy it is to get the credentials. I can still do it, but it won't be secure.
> If you want it to be secure you'd have to keep the client secret on your server and do all the authentication on your server. That requires changing even more code.
Well then... it looks like I will have to stick with rclone's default OAuth. Thanks anyways for the information.
from gd-efc.
Implemented in ac0244c, both overriding the default `rclone` credentials in `index.html` and in user selection modal.
from gd-efc.