Comments (4)
olliebennett
commented on July 28, 2024
I agree that this would be an improvement.
In order to maintain backwards compatibility with the current process (i.e. server configurations which currently check for the GET parameter ?task=send) how about sending both POST and GET together? That is, send a POST request to your_callback_url?task=send.
As a sidenote, I'm actually satisfied by the level of security offered by the combination of HTTPS POST and the secret/device ID, which sacrifices neither clarity of code nor ease of server development. What would your suggestion be for the "more secure authentication mechanism"?
from smssync.
commented on July 28, 2024
Combining GET and POST like that is kind of ugly, but so is breaking API. There's probably some combination of server and language that breaks even with that, but probably rather rare.
I would propose that since there's already a user defined secret key(i.e. a password) per sync target, all requests to that target(sending, task checking, potential callbacks) would include in POST these items:
- Device ID
- A hash of the secret, concatenated with the device id
Hash function should be something widely available, like sha512.
from smssync.
mandric
commented on July 28, 2024
I vote for separate settings option to include username/password for HTTP basic auth, that is just used on any request when activated. Basic Auth over https is not so horrible.
from smssync.
eyedol
commented on July 28, 2024
Basic Auth is now supported.
from smssync.
Related Issues (20)
- custom web service not syncing SMSes HOT 2
- Add link to privacy policy content HOT 1
- MessageModel: IllegalArgumentException: ALERT is not a constant
- performTask: NullPointerExeception
- Add Firebase Crash Reporting Support
- sent_to always returns an empty string HOT 3
- APK without analytics?
- F-Droid version doesn't exist anymore HOT 4
- Source does not build with current tools
- SMSsync service constantly disables itself. HOT 2
- Logo design contribution HOT 3
- SMSsync in no longer on Google Play HOT 5
- Authenticatation not done for tasks
- Blank "sent_to" value when post
- secret key sent in query.
- Is there an actively maintained fork of this somewhere? HOT 6
- Valid Endpoint - Returns Correct Responses - But not syncing messages
- H
- Website content text too small on desktop / laptop screen
- Here is the SMSSync alternative for HTTP forward webhook (only to forward SMS to HTTPS endpoint)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from smssync.