科技回声

19 条评论

Holy insecure demo batman<a href="https://yoauth.herokuapp.com/authorize?redirect_to=http%3A%2F%2Fyoauth.herokuapp.com%2Ftest.html&username='><MARQUEE>XSS</MARQUEE><!--" rel="nofollow">https://yoauth.herokuapp.com/authorize?redirect_to=http%3A%2...</a>And they want me to trust them with authentication?

评论 #8106923 未加载

评论 #8123447 未加载

downandout将近 11 年前

Yo is useless and IMO anyone that has or will put money into it no longer has any credibility as an angel/VC. Yoauth actually is comparatively useful, but unfortunately Yo does not and never will have the critical mass to make anyone want to implement it as an authentication scheme. Twitter is a distant second to Facebook in the authentication space, and Yo is no Twitter.

评论 #8099714 未加载

评论 #8099703 未加载

评论 #8099821 未加载

评论 #8099705 未加载

评论 #8099822 未加载

underyx将近 11 年前

I'm really glad this saw the light of day. So many people were criticizing Yo for being 'useless' and all that, instead of trying to think about what to create with it.

评论 #8099629 未加载

sergiotapia将近 11 年前

Error: Invalid usernameI see this string in the URL on the demo page so I'm not sure what this does.

评论 #8099360 未加载

评论 #8099362 未加载

dergachev将近 11 年前

Is it easy to "Yo" back someone if they're not in your contacts? On the android app I don't see how to do that.Also, the security of this seems questionable.There are other, more interesting uses of the yo API: <a href="https://medium.com/@YoAppStatus/yo-developers-api-e7f2f0ec5c3c" rel="nofollow">https://medium.com/@YoAppStatus/yo-developers-api-e7f2f0ec5c...</a>

评论 #8099665 未加载

评论 #8099374 未加载

rdvrk将近 11 年前

Why does the user need to receive a Yo? Wouldn't it be better to ask users for their handle, and then tell them to Yo a specific account in 30 seconds? If it worked like that, yoauth couldn't be used for spam, nor could you Yo someone you know in order to get their credentials if they replied.

评论 #8099859 未加载

theyCallMeSwift将近 11 年前

The author of YoAuth (Bilawal) is one of the awesome student hackers helping to bring the hackathon movement to the UK. <a href="http://mlh.io/about/team#uk-team" rel="nofollow">http://mlh.io/about/team#uk-team</a>

thebrettd将近 11 年前

Well, this certainly blows my yo-based Pomodoro Timer out of the water.

reddog9287将近 11 年前

You can see a demo here! <a href="https://www.hackerbracket.com/hacks/show/53d448e3dfb586b54fab6c44" rel="nofollow">https://www.hackerbracket.com/hacks/show/53d448e3dfb586b54fa...</a>

fndrplayer13将近 11 年前

Even my non-developer friends think this is awesome.Because it is.

dsyko将近 11 年前

Wow, I was also working on this exact thing... Even own www.yoauth.com and the 'YOAUTH' username on yo....Glad someone made it a reality!

geoffreyy将近 11 年前

What if you enter someone else's Yo handle and the user naively Yo back, you will then access his account/data/whatever, I imagine.

icebraining将近 11 年前

So I can use your app to spam other people? Nice :)

评论 #8099413 未加载

notduncansmith将近 11 年前

What if the user doesn't receive the Yo in time to authorize? Yo's always seem to take a while to reach me.

msfty将近 11 年前

I authenticated as authyo using two tabs. Super secure :)It's a fun hack. Nicely done.

angilly将近 11 年前

<3 so much creativity out there.

mousetree将近 11 年前

What is the point of this?

评论 #8099639 未加载

mmahemoff将近 11 年前

Plain http links? I suggest using TLS/SSL for any authentication platform. I know it's a quick hack, but you can quickly setup a secure proxy with Cloudflare.

评论 #8099776 未加载

edoceo将近 11 年前

F! I was working on the same thing! Nice work!

评论 #8099231 未加载