You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
and it's unclear whether an UUID is really needed and what could happen if the id field could have collisions -- whether it's sent to any servers (i'm guessing not), and what would happen if somebody w/ a separate connection to the same server(s) were to guess the uuid value. Date().getTime() is in milliseconds, so guessing it might require a few trials, but should definitely be feasible.
a comment as to the implications would be nice. or rename this if an actual UUID/GUID is not needed. if one is actually needed, then using a real RFC-4122 compliant UUID might be nice, since there are existing uuid solutions, e.g., https://www.npmjs.com/package/uuid, which could be used.
oasis-wallet-ext/src/popup/component/Toast/ToastContainer.js
Lines 55 to 57 in f912f13
this is used in
oasis-wallet-ext/src/popup/component/Toast/ToastContainer.js
Line 22 in f912f13
and it's unclear whether an UUID is really needed and what could happen if the id field could have collisions -- whether it's sent to any servers (i'm guessing not), and what would happen if somebody w/ a separate connection to the same server(s) were to guess the uuid value.
Date().getTime()
is in milliseconds, so guessing it might require a few trials, but should definitely be feasible.a comment as to the implications would be nice. or rename this if an actual UUID/GUID is not needed. if one is actually needed, then using a real RFC-4122 compliant UUID might be nice, since there are existing uuid solutions, e.g., https://www.npmjs.com/package/uuid, which could be used.
tagging #1 for possible security implications
The text was updated successfully, but these errors were encountered: