scanning for tokens

Timemaster111

• 4. Oktober 2019 15:56

so I know you guys scan for tokens, it’s not the worst idea ever. However, you don’t scan discord which seems a bit stupid to me. I think you should probably scan discord for bot tokens too, as this seems really insecure.

10

• 

  Timemaster111

  • 4. Oktober 2019 20:38

  so as it stands, the token scanning I thought you guys did is done by github itself, but I still think it’s totally something you could implement

  0
• 

  donovan_dmc

  • 6. Oktober 2019 03:27

  It's up to developers to keep their tokens safe, not Discord.

  0
• 

  TerThesz

  • 11. Januar 2021 21:10

  It sounds like an good idea but it isn't. Discord would have to check every single message which would probably slow the entire system and if it wouldn't then what would u do with leaked tokens? The system that works on GitHub gives the user a link but u can't do that with discord

  0
• 

  donovan_dmc

  • 12. Januar 2021 00:39

  The amount of time it takes to check every message is minuscule. It's matching some regex with some text, not fetching anything from the database unless it matches, so there's barely any processing overhead

   

  Think about it, github scans EVERY SINGLE COMMIT for tokens from MULTIPLE servcies, and it doesn't take long at all for it to notice them, maybe 60 seconds at most

   

  > The system that works on GitHub gives the user a link but u can't do that with discord

  They don't really need to give a link to where it happened, just tell them it happened and rest the token

  0

Bitte melden Sie sich an, um einen Kommentar zu hinterlassen.