Tuesday, February 4, 2014

Clarifying

Hey guys, how's it going?!

So I barely uploaded this application and quite a few people have told me that they don't trust it because it's either not open source or because they have to type their password in. I'm just posting to let you guys know that I'll be uploading the source code to GitHub tomorrow and posting a link to it here. I also want to clarify something.

I've heard from a couple of people that they trust browser plugins such as DownThemAll because they don't have to type their passwords. Just so you know: DownThemAll also has access to your Coursera profile. Coursera uses a session cookie called CAUTH and that's the only security validation it makes for your account. So anybody who can get the value of this cookie has access to your account. Guess what? DownThemAll does have access to that cookie.

If I see that people are interested, I could make a couple of posts explaining a few things I've learned about Coursera's system while making this app, such as how they did not implement CSRF tokens correctly, which makes their website somewhat vulnerable.

If you guys want to know more about it, just leave a comment down below. This is all new for me, so if I see you want it, I could start talking more about it, making tutorials on how to develop software like this and so forth.

But yeah, that's pretty much it for today.

Peace out! =)
