New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't transmit the secret key to google #1

Closed
ccoenen opened this Issue Dec 4, 2016 · 3 comments

Comments

Projects
None yet
2 participants
@ccoenen

ccoenen commented Dec 4, 2016

In this piece of code, you generate a URL that generates a QR-Code. The user will load this URL and is effectively transmitting their secret key to Google.

I think this is not ideal.

I believe the QR-Code should either be generated onthe ESP or the client (there are JS implementatations which could be included), but not by a third party.

@jjssoftware

This comment has been minimized.

Owner

jjssoftware commented Dec 4, 2016

You're right I agree, I'll take a look at removing this.

Personally I'll probably end up going with a JS QR code generator implementation rather than an ESP side version.

@jjssoftware

This comment has been minimized.

Owner

jjssoftware commented Dec 4, 2016

This should do it: df0434a

Less is more as they say ;)

@jjssoftware

This comment has been minimized.

Owner

jjssoftware commented Dec 4, 2016

Thanks for the peer review, it's much appreciated. Closing this one down.

@jjssoftware jjssoftware closed this Dec 4, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment