Some hopefully constructive criticism. :)

- I'd recommend using HMAC rather than plain MD5 to generate signatures. Using MD5 alone exposes you to length extension attacks.
- You should consider putting a timestamp or nonce in the signature parameters to prevent replay attacks.
- The fact that you're able to validate that MD5(password) is correct implies that you're storing passwords insecurely.
- Consider switching your API endpoints to use HTTPS and sending the password unhashed. Hashing the password is not helping you here: since you're using the hashed value for authentication, any attacker who has it might as well have the actual password. Luckily, I don't believe this is as useful without also knowing the PSK, but it's still a design smell.

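
The first two suggestions in the comment above (HMAC instead of plain MD5, plus a timestamp and nonce against replay), as an added example that is not part of the thread or of NoteHub's code. The field names `ts`, `nonce` and `sig`, the 300-second window, the length-prefixed encoding and the choice of HMAC-SHA256 are assumptions made here.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)


def canonical(params):
    """Serialize params unambiguously: sorted keys, each field length-prefixed."""
    parts = []
    for key in sorted(params):
        for item in (key, str(params[key])):
            raw = item.encode()
            # The prefix keeps ("a", "bc") and ("ab", "c") from colliding.
            parts.append(len(raw).to_bytes(4, "big") + raw)
    return b"".join(parts)


def sign(psk, params, now=None):
    """Return a copy of params with timestamp, nonce and HMAC signature added."""
    signed = dict(params)
    signed["ts"] = int(time.time() if now is None else now)
    signed["nonce"] = secrets.token_hex(16)
    signed["sig"] = hmac.new(psk, canonical(signed), hashlib.sha256).hexdigest()
    return signed


def verify(psk, request, seen_nonces, now=None):
    """Check signature first, then freshness and nonce reuse: (ok, reason)."""
    now = time.time() if now is None else now
    fields = {k: v for k, v in request.items() if k != "sig"}
    expected = hmac.new(psk, canonical(fields), hashlib.sha256).hexdigest()
    supplied = str(request.get("sig", ""))
    # Constant-time comparison; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "bad signature"
    ts, nonce = str(fields.get("ts", "")), fields.get("nonce")
    if not ts.isdigit() or abs(now - int(ts)) > MAX_SKEW:
        return False, "stale timestamp"
    if not nonce or nonce in seen_nonces:
        return False, "replayed nonce"
    # Nonces only need to be remembered for MAX_SKEW seconds; older
    # requests are already rejected by the timestamp check.
    seen_nonces.add(nonce)
    return True, "ok"
```

Because the timestamp and nonce are inside the signed data, an attacker who captures a request cannot refresh them without the PSK.
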
This looks very nice, but it's somewhat inconvenient to write with the preview on top, as it makes the textarea jump around as I type. I think that side-by-side or putting the preview on the bottom would make more sense.
Nice updates! Alas, the service seems to be broken: whenever I try to create a new note, I get “Bad Request”. Care to have a look? Much appreciated, and thanks a lot!

https://github.com/chmllr/NoteHub/issues/8
Very useful.
I just managed to hide the panel, see http://www.notehub.org/2014/1/13/where-is-the-panel

Seems like a feature to me.