Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Commenter emails and IP addresses are leaked through epoch-api #235

Open
cbergen opened this issue Jul 20, 2017 · 1 comment
Open

Commenter emails and IP addresses are leaked through epoch-api #235

cbergen opened this issue Jul 20, 2017 · 1 comment

Comments

@cbergen
Copy link

cbergen commented Jul 20, 2017

The expectation of all commenters should be that their email address is never published. The epoch-api endpoint response includes that plus other unnecessary data and is easily accessible through a browser's developer tools.
@johndavidhunt
Copy link

This is a huge concern for us, we have been using Epoch for several years now. Aside from usual security concerns with this, (which are huge), there is also the concern that users cannot enter their comments anonymously if they so choose. Has any work been done on this yet? I can understand having this data available for the developer/owner of the website I suppose, but not accessible for the end user.

Please advise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cbergen @johndavidhunt