mrdoob/glsl-sandbox

⚠️ Unprotected route

oSumAtrIX opened this issue · 3 comments

Affected route is not authorized and is actively being exploited:

https://github.com/mrdoob/glsl-sandbox/blob/master/server/server.go#L166

Solution

Add auth middleware to said route.

Thank you for the heads up.

Hi, that route is unprotected as users cannot log in. I'm not sure how to stop this. Anyway, I cleaned up all these effects.

The only way I can imagine is to burden attackers via a captcha, if you need this route to be public.

I'll think about what options we can add to stop these automated submissions. Thanks for the idea.