Massive vulnerability of openai api Endpoint not being secured #25

Open
mehmoodosman opened this issue Jan 23, 2025 · 0 comments

https://colab.research.google.com/drive/1_FF0zzXwrqVVl1C1N5wZBf7hxnpGJyTY?usp=sharing

There are two potentially major issues:
1- In developer tools > Network: the API endpoint is publicly accessible
2- The API endpoint doesn't have any auth bearer token to ensure safety from unauthorised access to API requests

I believe Issue 1 can be resolved with the use of Server Actions in Next.js: by making the chat component a server action, it can be abstracted from the client side so that the URL won't be displayed under the Network tab anymore.

For Issue 2, an auth API key can be issued, ensuring no unauthorised remote access to the API endpoint even if they obtain the API endpoint URL.
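
An added example, not part of the original issue or the project's code: one way the bearer-key check proposed for Issue 2 could look in a route handler built on the standard `Request`/`Response` objects. The names `handleChat`, `isAuthorized`, `CHAT_API_KEY` and the sample URL and key are assumptions made for this sketch.

```javascript
// Added example: bearer-key check for a chat API route (names are hypothetical).
const { createHash, timingSafeEqual } = require("node:crypto");

// Hash both values so timingSafeEqual always gets equal-length buffers.
const digest = (value) => createHash("sha256").update(value, "utf8").digest();

// Returns true only when the Authorization header carries the expected key.
function isAuthorized(headers, expectedKey) {
  if (!expectedKey) return false; // fail closed when the server has no key configured
  const header = headers.get("authorization") || "";
  const match = /^Bearer\s+(\S+)$/i.exec(header.trim());
  if (!match) return false;
  return timingSafeEqual(digest(match[1]), digest(expectedKey));
}

// Route-handler-shaped function using the standard Request/Response objects.
// expectedKey is read from a server-only environment variable
// (CHAT_API_KEY is an assumed name) and must never be shipped in client code.
function handleChat(request, expectedKey = process.env.CHAT_API_KEY) {
  if (!isAuthorized(request.headers, expectedKey)) {
    return new Response(JSON.stringify({ error: "unauthorized" }), {
      status: 401,
      headers: { "content-type": "application/json", "www-authenticate": "Bearer" },
    });
  }
  // Placeholder for the upstream model call, which stays on the server.
  return new Response(JSON.stringify({ ok: true }), {
    status: 200,
    headers: { "content-type": "application/json" },
  });
}

// Constructed sample requests (URL and key are made up for the demonstration).
const SAMPLE_KEY = "constructed-demo-key";
const makeRequest = (authHeader) =>
  new Request("https://app.example/api/chat", {
    method: "POST",
    headers: authHeader ? { authorization: authHeader } : {},
    body: JSON.stringify({ message: "hi" }),
  });
```

The handler rejects every request when no key is configured, so a missing environment variable does not silently leave the endpoint open.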
