From a glance at the GitHub page, it looks like you can self-host the project. I... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		no_protocol on Sept 23, 2016 \| parent \| context \| favorite \| on: Cryptpad: Zero Knowledge, Collaborative Real Time ... From a glance at the GitHub page, it looks like you can self-host the project. Is "bower install" a possible attack vector as well? I'm unfamiliar with it.

the_duke on Sept 23, 2016 [–]

Bower is a package manager for Javascript libraries.

So the only attack vector would be a MIT attack, intercepting the requests to the Bower registry.

no_protocol on Sept 23, 2016 | | [–]

Or a hijacked GitHub repository/maintainer?

Diederich on Sept 23, 2016 | | [–]

Very good, thanks!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact