[homakov]

Agreed on unnecessary complexity, but it's not a trivial app. Quick scrolling through sources and we see dozens of endpoints and each is potentially vulnerable.

Trusting the server, developers, Flask (which is by no means a good choice for secure app, my word) etc... messengers is a better option for sure.

[tptacek]

The endpoints don't do much, the app delegates most of its functionality to very well-known Python libraries, there's minimal backend, no account system... it's a pretty auditable piece of code. If you can't get a handle on the security of this thing, there's no web app you can get a handle on.

[homakov]

There is account system too - journalists got passwords, sources got "code names"

Not huge, but much more complicated than it could be. For instance, it redefined CSRF protection in a weird way https://github.com/lepture/flask-wtf/blob/master/flask_wtf/c...

[samat]

Securedrop is used by NYT-level companies. I thought using it is a no-brainer for any news media. Now I am having doubts :((

[homakov]

Over complicated doesn't mean insecure, but the less code the better

[kough]

OT: homakov and tptacek in the same thread <3