Hacker News
by jrumbut 1184 days ago
Whether something is a security problem or not requires a threat model and a notion of what the appropriate functioning of the system is. For all we know, OpenAI intended to release these plug-ins this way, sort of like those bars that require a "secret password" to create a sense of mystery.

As an external observer, all I can say is controlling access to plug-ins via client-side validation was an unusual choice, and it makes me worried they made the same unusual choice elsewhere to protect data I care about.