Skip to content

fix: treat text app session parameters as sensitive values #36936

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
juliusknorr merged 1 commit into from
Mar 1, 2023
Merged

fix: treat text app session parameters as sensitive values #36936

juliusknorr merged 1 commit into from
Mar 1, 2023

Conversation

@max-nextcloud
Copy link
Contributor

@max-nextcloud max-nextcloud commented Mar 1, 2023

Summary

  • PublicSessionController create receives a share token.
  • The others receive the parameters for a text session: document_id, session_id, session_token. Even though these are relatively short lived they could be used to retrieve content from the document when leaked.

Checklist

@max-nextcloud
fix: treat text app session parameters as sensitive values
95a674e 
* `PublicSessionController create` receives a share token.
* The others receive the parameters for a text session:
  `document_id`, `session_id`, `session_token`.
  Even though these are relatively short lived
  they could be used to retrieve content from the document when leaked.

Signed-off-by: Max <[email protected]>
@juliusknorr
Copy link
Member

juliusknorr commented Mar 1, 2023

Failures unrelated

@juliusknorr juliusknorr merged commit 991aca1 into master Mar 1, 2023
@juliusknorr juliusknorr deleted the fix/treat-text-session-params-as-sensitive branch March 1, 2023 13:28
@blizzz blizzz mentioned this pull request Mar 2, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nickvergessen nickvergessen nickvergessen approved these changes

@juliusknorr juliusknorr juliusknorr approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Nextcloud 26

Development

Successfully merging this pull request may close these issues.

4 participants

@max-nextcloud @juliusknorr @nickvergessen