-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Internal user notes #6
Comments
Who should have the ability to read these user notes? Who should have the ability to create/edit these user notes? I'm imagining that the primary method of access here is through a user script that adds these notes to the box that appears when you click on a user's name in the chat room, possibly popping out to a larger panel if there's a lot of data. But if we do that, then it's not clear to me how we'd restrict access to only trusted users. The source code of both the user script and the server would be accessible to anyone looking at this repository. That allows attackers to thwart simple forms of authentication like "tell the server your user id", since they have full control over their own client's behavior and can easily impersonate others. |
As discussed in chat:
|
Add comments to each user, possibly referencing a specific message for context.
The text was updated successfully, but these errors were encountered: