You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm considering using this library to accept CAR files submitted by end users, who are not necessarily trusted parties. Upon reviewing the code, I noticed that there doesn't appear to be any re-hashing of the data before it's processed.
Could this lack of re-hashing pose a security risk, specifically allowing users to submit a malformed CAR file where the data could be stored under an incorrect CID?
The text was updated successfully, but these errors were encountered:
I'm considering using this library to accept CAR files submitted by end users, who are not necessarily trusted parties. Upon reviewing the code, I noticed that there doesn't appear to be any re-hashing of the data before it's processed.
Could this lack of re-hashing pose a security risk, specifically allowing users to submit a malformed CAR file where the data could be stored under an incorrect CID?
The text was updated successfully, but these errors were encountered: