Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't transmit the secret key to google #1

Closed
ccoenen opened this issue Dec 4, 2016 · 3 comments
Closed

Don't transmit the secret key to google #1

ccoenen opened this issue Dec 4, 2016 · 3 comments

Comments

@ccoenen
Copy link

ccoenen commented Dec 4, 2016

In this piece of code, you generate a URL that generates a QR-Code. The user will load this URL and is effectively transmitting their secret key to Google.

I think this is not ideal.

I believe the QR-Code should either be generated onthe ESP or the client (there are JS implementatations which could be included), but not by a third party.
@bebo-dot-dev
Copy link
Owner

You're right I agree, I'll take a look at removing this.

Personally I'll probably end up going with a JS QR code generator implementation rather than an ESP side version.

@bebo-dot-dev
Copy link
Owner

This should do it: df0434a

Less is more as they say ;)

@bebo-dot-dev
Copy link
Owner

Thanks for the peer review, it's much appreciated. Closing this one down.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ccoenen @bebo-dot-dev