Add to FAQ: What happens to data being pasted into jqplay?
Phoenixxl opened this issue · 4 comments
It would be nice to have put in a FAQ/disclaimer a clear, easy-to-find answer as to "What happens to test data pasted into the jqplay.org site."
Should one refrain from pasting in sensitive information?
(As a rule of thumb, one should probably always avoid this.)
Is it being sent to a server that parses it?
If it is, is it being kept there for a certain amount of time or until a certain amount of storage gets filled?
Is it being parsed by one's own browser using a Java (or similar) jq applet running locally?
I understand this info can be found by having a detailed look at the source but not every jq user is a programmer.
Thank you in advance for taking this update to the jq faq into consideration.
Friendly regards.
I was shocked to see the entire payload being sent to the server in an AJAX request. Users should be warned about it. Also, it should be clearly stated what happens to the data that is sent to the server.
By looking at the code, I can see that data is persisted into the database only when a snippet is being shared (no surprise :-) ). However, as the data is being sent to the server, it may appear in logs.
I don't mind adding such a FAQ. But I'm curious why you are not using jq directly for sensitive data locally on your machine. jqplay doesn't behave any difference than any code hosting site out there, e.g., Gist or jsbin.
@jingweno I use it locally on my machine, I also didn't put sensitive information in jqplay.
I like your jqplay site because it has a beautiful interface compared to me piping a curl result into jq on a terminal.
If I ask why there is no toilet paper in the bathroom that does not mean I already wiped my ass on the wall. I am asking as a precaution. People should be aware what happens with their data.
I am not accusing you of anything, far from it. But I'm sure you agree that these are the kinds of things best avoided instead of remedied.
quote "doesn't behave any difference than any code hosting site"
Because other places do the same thing doesn't mean it's the right way to go about it. Let's say I want to make a website with a basic interpreter I could have the user type in his program, send the result to a server, have that server run the program and return the result in real time to the user.
Or, I could write a basic interpreter in JavaScript or even Flash, upload that to the user's browser and have the user's computer interpret his own basic code.
The second would be a lot more work but also be a lot more safe.
The "sharing code" part isn't the issue if you are always having a server interpret the JSON + filter in real time, since you would always be sending everything.
If people want to share their bank account info on pastebin by typing it all in then pressing submit, it's their own problem. If people are sending every keystroke they type into the pastebin website straight to a pastebin server as they type it, that's the kind of thing I would be worried about. (In this case, as I understand it, the JSON data, before any button saying "share" is pressed.)
I'm not saying you should undertake the massive task of porting jq. But maybe you already did it and weren't sending any data to a server. I didn't know. That's why I asked.
Hence me asking that you add a disclaimer saying: "Don't paste anything sensitive in the jqplay data window, even if you're not sharing it, since it's going to be sent to a server."
Friendly regards and thank you for taking this request into consideration.