-
Notifications
You must be signed in to change notification settings - Fork 662
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
假开源吗? https://weread.111965.xyz 是什么服务? 这个项目强依赖这个接口? #11
Comments
我发现它似乎把用户的token也转发到这个服务了. |
你应该声明这个风险 |
token是从这个服务生成的,只做请求转发。 |
@cooderl 这个服务后续可以改成自己部署吗?否则还是有点担心数据不安全 |
不懂为什么要做一个转发服务器,用户token为啥会走这个服务器?关于token这一点风险,能不能写到描述里? |
我大概能猜到作者的实现方案,微信官方完全可以通过限制单台手机登录的微信号数量来解决这个漏洞。 或者简单D一下你的服务,就凉了 |
@eightHundreds 即然开源能不能不要搞讳莫如深那一套 |
理论上他是能做到的 |
The text was updated successfully, but these errors were encountered: