Show HN: Another Darn To-Do List App (anotherdarntodo.com)
5 points by cw12574 1368 days ago
Hi guys,

This is my first time building something from scratch so go easy on me.

I've always used to-do lists to keep me productive and stave off anxiety (not sure why they work so well for me but they do). I get kinda annoyed at the to-do list apps on the app stores because they move tasks to the bottom of the list when you tick them off. Some people may like that, but it annoys the shit out of me, because I like to feel a sense of progression as I go down through the list over the course of the day. So this was born out of my frustration really.

I also made it browser-based so it's easy to access the same list on all devices without installing apps on all of them.

It's free to use. It's just something I made for myself and if others find it useful then that's great. I'd appreciate any feedback (there's a button to give feedback when logged in).

Thanks!

6 comments

I'm really sorry, but I'm the one who just broke it :S

I was leaving a friendly message on other people's todo lists to expose a vulnerability, but somehow I ended up breaking it completely, and I regret that now.

Please see this as constructive feedback. The vulnerability I was exploiting was an insecure direct object reference (https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Dire...), but there are many other vulnerabilities there too, like Cross Site Scripting (https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Sc...).

Again, I'm really sorry to break your application, but I'm more than happy to help fix the vulnerabilities - is the application open source anywhere?

Oh wow, thanks for finding this and letting me know. Have taken it offline until I can fix it. I'll open source it tomorrow, read the docs above and see if I can work out a fix.
No problem! It's the wild west out there - feel free to reach out if you need any help/guidance, I'm happy to help.
Hey man, thanks again for finding this. I've open-sourced the project now: https://github.com/cw12574/anotherdarntodolist

I'm trying to fix the 2 vulnerabilities that you mentioned. I'm pretty new to this though so am struggling a little. Is there any chance there's any way I could message you privately to ask a couple of questions?

Sure, my email's in my GitHub of the same username.
Getting a certificate warning ("Unrecognized name") in Firefox

Also I'd make it more obvious for registering, the way it is now makes it look like there's no way to register?

Ah, thanks on both points. Will change.
Congrats on your first launch! Way to go. Getting something out there is never easy.

Website feedback: I'd show potential users what's in it for them before requiring them to sign-up.

Thanks for the kind words! Yes - very good point. I'll add some more info for next time.
Hey cw12574, I wanted to take a peek but I noticed it’s offline. Could you share when it’s online again?
I'd like to see what makes your app different from all of the other ones + maybe a demo / example area before I sign up.
+1 for the name! :-)

But I'm debating whether to give this a -1 because I get a blank page when I click the terms of use link.

At least you aren't obliged to accept the check box :)