by gyardley 5066 days ago
Yes, retrievable data is obviously accessible by a site admin somehow. But the way he's got things set up:

1) It's trivial for him to inadvertently see something deeply personal to someone just by browsing the 'recent' list or doing a search.

UPDATE: I overstated this one - Maciej let me know by email that he can only access private data on the search / recent page if he intentionally masquerades as a user. He can only inadvertently see private data when viewing individual user pages.

2) If his account's ever compromised (let's hope he's not reusing that password elsewhere!) then someone else gets that ability as well, accessible from any browser anywhere.

It's one thing when you have to ssh into a server somewhere and do a SQL query to access someone's private information. It's another thing to set up your admin account so you're casually exposed to it.

I like Pinboard's service too, but this isn't remotely cool.

1 comments

That's a pretty convincing argument you have there. I'll go along with that.