-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restrict users to join the hike #149
Comments
What type of threat to security are you posing, could you elaborate? Also, if one could see or join the hike without seeing the Passkey itself, then what would be the use of hiding it :) |
A possible threat may be getting into trouble if getting followed by someone creep that the leader didn't intend to share with. |
@ItsAdityaKSingh My suggestion would be to give an option to the creator of the beacon of letting people in automatically or by confirming. So whenever a person joins a hike then-leader has to approve it. |
@AshAman999 I personally guess that these hikes aren't something so personal or vulnerable that an unknowing person joining could do any harm for some reason. Think about another case as, if a needy or lost person finds a nearby beacon and connects with it, that person could, in the worst circumstances, even save himself and get the much-needed help from the group. The positives here outweigh it :) |
Do you mean like in an online meet? @vik4114 |
@ItsAdityaKSingh Yes |
This seems a better solution to me. |
@AshAman999 Are you working on this? |
Is your feature request related to a problem? Please describe.
When someone creates a hike, it is visible to all the users nearby with the passkey. And hence anyone can join the hike. Isn't it a possible threat to the security of the persons in the hike as one can join that hike with the given passkey
Describe the solution you'd like
Though the nearby beacons should be visible to others, the passkey should not be visible to the other people in the nearby section of the app.
Describe alternatives you've considered
The simplest approach to deal with this problem is to hide the passkey from the nearby beacons section, and for better security even don't call the data from the API's itself. If discussion approves of the feat I suggested. I can start working on this.
Additional context
Using Android 11 (physical device)
Are you working on this? (Yes/No)
Yes
The text was updated successfully, but these errors were encountered: