Federico asked 10 months ago

I’m a bit worried about the uid. It is used to calculate the billing at the end of the month, but it’s information exposed client side, and it seems there isn’t any relation between the token (obtained by OAuth) and the uid of a single BeeEditorInstance.

If a malevolent user who uses my application that implements beeplugin simply puts a breakpoint in the JS execution in his browser and reads the token object, then he can easily create like a thousand instances of BeeEditor with random uids, increasing my monthly bill by an infinite amount!

What’s supposed to be the protection against these malevolent behaviors?

I came to this conclusion because I simply created 2 dummy applications and tried to load 2 editor instances with different uids but with the same token.



Thomas answered 10 months ago

We reported the same concern and were told that there would be no settlement in this case.

The encoding of the UserID into the token would be desirable.
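The binding suggested in this answer, sketched as an added example (not part of the original thread, and not the BEE Plugin API or its real token format): a hypothetical HMAC-signed token carries the uid, and the service refuses to count an editor instance whose uid differs from the signed one. The function names, token layout and key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # constructed value; a real key never leaves the server


def _b64(data):
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(uid, ttl=300, now=None):
    """Issuer side (hypothetical): sign the billed uid and an expiry into the token."""
    now = time.time() if now is None else now
    payload = json.dumps({"uid": uid, "exp": int(now) + ttl}, sort_keys=True).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(sig)


def authorize_instance(token, requested_uid, now=None):
    """Service side (hypothetical): count an instance only if its uid is the signed one."""
    now = time.time() if now is None else now
    try:
        payload_b64, sig_b64 = token.split(".")
        payload, sig = _unb64(payload_b64), _unb64(sig_b64)
    except ValueError:  # wrong number of parts or undecodable base64
        return False, "malformed token"
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "bad signature"
    claims = json.loads(payload)
    if claims["exp"] < now:
        return False, "token expired"
    # The check the thread says is missing: the client-supplied uid must equal the signed uid.
    if not hmac.compare_digest(claims["uid"].encode(), requested_uid.encode()):
        return False, "uid does not match token"
    return True, "ok"
```

With this binding, a token read out of the browser is only good for the single uid it was issued for, so it cannot be reused to open instances under other uids.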

