undefined | Better HN

0 pointslmc3y ago0 comments

"Please do not spread fear, uncertainty, and doubt about security without precise details."

I read the FAQ several times before posting, and it still didn't answer the security question. Elaborating my concerns...

You suggest developers use this. That means, users will most likely be running dev servers. Dev servers, especially in the NodeJS world offer the ability to connect a debugger.

What happens when someone spams requests to connect a debugger to bore.pub:<PORT>?

0 comments

whodev3y ago

You have to explicitly tell bore which server to serve your client on. At no point do you have to use 'bore.pub'. That is being provided by the developer as a public place if you choose not to run your own bore server.

j / k navigate · click thread line to collapse

0 pointslmc3y ago0 comments

"Please do not spread fear, uncertainty, and doubt about security without precise details."

I read the FAQ several times before posting, and it still didn't answer the security question. Elaborating my concerns...

You suggest developers use this. That means, users will most likely be running dev servers. Dev servers, especially in the NodeJS world offer the ability to connect a debugger.

What happens when someone spams requests to connect a debugger to bore.pub:<PORT>?

0 comments

whodev3y ago

j / k navigate · click thread line to collapse