shubla wrote:qazdec2 wrote:shubla wrote:But there is really no way of preventing that, as the markers must be saved somewhere so that you can share them with your mates.
1. you could have kept markers at any json online storage like
http://myjson.com,
https://data.mossengine.com/,
https://jsonblob.com/,
https://jsonbin.io/ and used their data url as a user's secret key which neither sent, nor saved on your server (some of those storages have limitations, so import/export buttons would be good to make possible local backups);
2. you could have used E2E encryption, so all markers are encrypted/decrypted locally by user's secret key and you keep ONLY encrypted data in your database so you can't read it without a key even if you want.
If we assume that I am not to be trusted, then none of those options work.
I could just replace the javascript with one that sends me the markers, unencrypted, and no one would notice it.
So we can just go the easy route and save them in my database.
No , the easy way would be to
"you could have used E2E encryption, so all markers are encrypted/decrypted locally by user's secret key and you keep ONLY encrypted data in your database so you can't read it without a key even if you want."
Saving it at your database claiming this
"I could just replace the javascript with one that sends me the markers, unencrypted, and no one would notice it.
So we can just go the easy route and save them in my database."
is a lame excuse , no matter if no one trust you , you should do the right thing if you are so legall as you claim to be
I know no one gives a fuck about my opinion , just wanted to be part
But yeah , you are sketchy as fuck and im totally away your clients and shit