6 comments

[ 2.8 ms ] story [ 25.3 ms ] thread
Export your snippets from Snipt.net http://fotis.co/snipt/export.php
From a quick glance, this seems woefully insecure. Incrementing "user" by 1 yields (what I assume to be) someone else's export.

If you have any private snippets you would like to keep private, using this exporter would be a bad idea.

If you're the developer of this utility, my recommendation would be to generate a 1-time download link for the snippets instead of hosting them online without any authentication.

> If you have any private snippets you would like to keep private, using this exporter would be a bad idea.

Well if they are private, and someone else figures this out, it doesn't matter whether or not you use the exporter, no?

What I mean is that the exporter linked to by modinfo optionally allows you to input your Snipt API keys to export your private snippets in addition to your public ones.

It appears that once this process is done by the exporter, both your public and private snippets are hosted on the exporters server and accessible without any authentication.

For example, this is an export from the exporter: http://fotis.co/snipt/export.php?user=3760&limit=100

Increment ?user=3760 by 1 and you are greeted with someone else's export.

This seems about as solid a winding down as can be expected; well done. Good on you for taking a swing at this problem.
Yeah, I came here to say that as well. It's amazing what clear and concise communication can make something so much more palatable. It's probably for lack of conflicting business interests forcing you to water down your message.

Good luck with your next adventure.