top | item 17874063 (no title) Qwertie | 7 years ago If I make a browser extension that grabs your auth token and all of your messages and sends it to my server. How is slack meant to fix that? discuss order hn newest TheDong|7 years ago I can ask you for your slack password, and you can then tell it to me. How can slack fix that?Any extension that asks for the permission to read data off webpages can read data off webpages, yes.It's the user's responsibility to not install such an extension, not the company's responsibility to do whatever the hell they're doing here.Anyways, this extension wasn't malicious. Its source code was available freely, and auditing it reveals nothing malicious.
TheDong|7 years ago I can ask you for your slack password, and you can then tell it to me. How can slack fix that?Any extension that asks for the permission to read data off webpages can read data off webpages, yes.It's the user's responsibility to not install such an extension, not the company's responsibility to do whatever the hell they're doing here.Anyways, this extension wasn't malicious. Its source code was available freely, and auditing it reveals nothing malicious.
TheDong|7 years ago
Any extension that asks for the permission to read data off webpages can read data off webpages, yes.
It's the user's responsibility to not install such an extension, not the company's responsibility to do whatever the hell they're doing here.
Anyways, this extension wasn't malicious. Its source code was available freely, and auditing it reveals nothing malicious.