Comments (6)
Hi @dmlls, glad you like the app :)
About deletion, I assume you’re talking about actual deletion, not just removing it from the recent groups list? (Although that would be useful too).
For now there is no mechanism in place to delete the groups, but that would be a nice feature.
For automatic deletion, I guess I could implement something like deleting all data related to a group after one year without the group being accessed.
The only concern I have is that (by design) there is no user account and no email address, therefore I can’t send any warning or reminder about group deletion… Maybe a warning when creating the group (and maybe in the settings) would be enough for the users to be careful about it.
from spliit.
Perhaps some kind of warning icon/note near a group to indicate it "will be auto-deleted soon"?
Prompting the user to export/download if needed?
from spliit.
It's basically like trying to brute force a password.
Not exactly like trying to brute force a password. Passwords are generally hashes of a string. If any character mismatches, you can't access the particular password.
But here, I can still brute force for an existing groupId. When it scales, the probability of getting one groupId randomly increases, as there will be a lot of groupIds.
since the legitimate group members could revert the deletion before it's completed.
We don't have emailIds, so communication with legitimate group owners is still hard.
Sure, #34 works. It's just that passwords shared in URLs can still be logged somewhere, or malicious people can read them over the network. The blast radius will be very small, though. If this is a calculated risk we are okay taking, I can resolve #34 after I'm done with #5.
from spliit.
About deletion, I assume you’re talking about actual deletion, not just removing it from the recent groups list? (Although that would be useful too).
Yes, I was thinking about actual deletion, but I guess it would also make sense to remove the group from recents once it's removed.
Maybe a warning when creating the group (and maybe in the settings) would be enough for the users to be careful about it.
This sounds sensible to me. Automatic deletion would probably also help you keep the database a bit tidier :)
from spliit.
But there is no authentication. If someone randomly opens a group, they can delete a lot of data, which might not be intended.
from spliit.
@neonshobhit If a malicious actor gets access to a group, the group is pretty much "done", with or without this feature (e.g. they could simply delete all transactions or edit them maliciously).
In order to mitigate brute force attacks, group ids are generated randomly, contain letters, numbers and symbols, and are long enough. It's basically like trying to brute force a password.
If hypothetically they still got the group id by other means, what @manuerwin proposed in #9 (comment) would also mitigate malicious deletions, since the legitimate group members could revert the deletion before it's completed. Furthermore, if #34 gets implemented, the group members could then set a password for the group to make sure the malicious actors can no longer access it (or change the password, in case they had previously set it).
from spliit.
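To put numbers on the disagreement in this thread (random ids as a password-like secret versus the chance of hitting any one of many existing groups), here is an added example that is not spliit's code. The 64-character alphabet, the 21-character default length and the scenario figures are assumptions chosen for illustration.

```javascript
// Added illustration, not spliit's implementation. Alphabet and lengths are assumed.
const crypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Assumed alphabet: 64 URL-safe characters (letters, digits, '-' and '_').
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_';

// Draw `length` characters from a CSPRNG. 64 divides 256, so masking the low
// six bits of each random byte is unbiased; other alphabet sizes would need
// rejection sampling instead.
function generateGroupId(length = 21) {
  const bytes = crypto.getRandomValues(new Uint8Array(length));
  let id = '';
  for (const b of bytes) id += ALPHABET[b & 63];
  return id;
}

// Bits of entropy in a uniformly random id of the given length.
function idEntropyBits(length, alphabetSize = ALPHABET.length) {
  return length * Math.log2(alphabetSize);
}

// Probability that at least one of `guesses` uniformly random ids matches ANY
// of `existingGroups` live ids: 1 - (1 - N/S)^G. log1p/expm1 keep very small
// probabilities from rounding to zero.
function hitProbability(length, existingGroups, guesses,
                        alphabetSize = ALPHABET.length) {
  const space = Math.pow(alphabetSize, length);
  const perGuess = existingGroups / space;
  return -Math.expm1(guesses * Math.log1p(-perGuess));
}

// Constructed scenario: one million groups, one billion guessed ids.
function compareLengths(lengths, groups = 1e6, guesses = 1e9) {
  return lengths.map((length) => ({
    length,
    bits: idEntropyBits(length),
    pHit: hitProbability(length, groups, guesses),
  }));
}

console.log(generateGroupId());
console.log(compareLengths([8, 12, 21]));
```

More groups do raise the per-guess hit rate linearly, but each extra id character divides it by 64, so id length dominates; rate limiting on group lookups reduces the number of guesses an attacker can make.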