Script Security #17

Closed
VolkanSah opened this issue Apr 26, 2023 · 3 comments

@VolkanSah

Hi there,

I noticed that the client-side code you're using for your ChatGPT script exposes API keys and endpoints, which could pose a significant security risk. To prevent this, it's recommended to store sensitive data such as API keys in a .env file or as environment variables on the server-side, rather than displaying them publicly in client-side code.

In this particular case, the API keys and endpoints should be hidden using environment variables or by loading configuration files on the server-side. This can be achieved using server-side languages such as PHP or Node.js. The client-side code can then retrieve this information from a server endpoint, rather than directly accessing it.

Additionally, when using XMLHttpRequest and other Ajax methods, it's important to perform more thorough input validation and sanitization to protect against attacks such as XSS.

I hope this helps. If you have any further questions, please let me know.

Best regards,

Volkan Sah

Explanation:
The message highlights the potential security risks of exposing API keys and endpoints in client-side code, and recommends storing sensitive data in a more secure way. It also suggests using server-side languages to hide the API keys and endpoints, and performing input validation to protect against attacks such as XSS. The message concludes by offering further assistance if needed.
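One way to apply the recommendation in the comment above, as an added example that is not part of the issue thread or the project's code: a server-side relay that validates the browser's input, attaches the API key from an environment variable on the server so it never reaches the client, and escapes text before it is rendered as HTML. The endpoint URL, the `CHAT_API_KEY` variable, the `prompt`/`reply` field names and all function names are assumptions made for illustration.

```javascript
// Added example; endpoint, env var name and JSON field names are assumptions.
const UPSTREAM_URL = 'https://api.example.invalid/v1/chat'; // placeholder endpoint
const MAX_PROMPT_CHARS = 4000;

// Validate the untrusted browser payload: accept only a bounded, non-empty string.
function parseClientBody(raw) {
  let body;
  try { body = JSON.parse(raw); } catch { return { error: 'invalid JSON' }; }
  const prompt = body && body.prompt;
  if (typeof prompt !== 'string' || prompt.trim() === '' || prompt.length > MAX_PROMPT_CHARS) {
    return { error: 'prompt must be a non-empty string of bounded length' };
  }
  return { prompt };
}

// Build the upstream request on the server; the key comes from the environment only.
function buildUpstreamRequest(prompt, env) {
  if (!env.CHAT_API_KEY) throw new Error('CHAT_API_KEY is not set');
  return {
    url: UPSTREAM_URL,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json', Authorization: `Bearer ${env.CHAT_API_KEY}` },
      body: JSON.stringify({ prompt }),
    },
  };
}

// Escape text before placing it into HTML so a reply cannot inject markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Handler core: the browser POSTs {"prompt": "..."}; only the reply text goes back.
// Neither the key nor the upstream URL is ever included in the response.
async function handleChat(rawBody, env, fetchImpl = fetch) {
  const parsed = parseClientBody(rawBody);
  if (parsed.error) return { status: 400, body: { error: parsed.error } };
  const { url, options } = buildUpstreamRequest(parsed.prompt, env);
  const upstream = await fetchImpl(url, options);
  if (!upstream.ok) return { status: 502, body: { error: 'upstream error' } };
  const data = await upstream.json();
  return { status: 200, body: { reply: String(data.reply ?? '') } };
}
```

`handleChat` is framework-neutral: call it from the route handler with the raw request body and `process.env`, and pass the returned reply through `escapeHtml` (or assign it via `textContent`) before it reaches the DOM.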

@sbaliyun
Owner

I know this is for individual and group use only

@VolkanSah
Author

A note will be cool, because I have seen on my servers that a client uses your script!

@VolkanSah VolkanSah reopened this Jun 17, 2023
@VolkanSah
Author

I see you are not interested!

As a developer you should generally create code that does not contain any security gaps. It's your security. I threw away your crap code from our servers!
