1 comment

[ 2.7 ms ] story [ 16.3 ms ] thread
Hi everyone,

Creator of this (pretty much useless) Slack bot here. Before anyone is going to complain about how this isn't secure because Slack can still log your passwords, I know and that wasn't the point of developing this. The attack I was trying to solve is when a hacker get access to a the Slack workspace (e.g. a hacked account) and is able to scroll back to get all the passwords. And although this is only marginally better, it made me (and several other people) think about this issue. And therefore, made it worth my time.

You can't try it out from the Slack app directory because they denied my request with the following reply:

Thanks for submitting your app to the App Directory. Unfortunately after looking at your submission we have made the decision that your app is not appropriate for the App Directory. Slack is not designed for the sharing of credentials and as such cannot be used for that purpose safely. In addition we can't approve an app that promotes the sharing of credentials with a third party. Sorry I couldn't have better news for you.

So once again, this was just a Proof-of-concept and should not be used in production, obviously you are welcom to think about the issue. :)