generate prompt on the server #13
Conversation
|
@mkreuzmayr is attempting to deploy a commit to the Hassanteam Team on Vercel. A member of the Team first needs to authorize it. |
|
Yes, I also wanted to mention this. |
|
I find, by the fact that this is a showcase example, that has gotten a lot of attention and is being forked/cloned for personal projects by many people learning Next.js, this security issue has to be fixed. |
Yes. But I also think they put a token limit in their code which is a 200 limit... so i don't think it's terrible but I personally consider it a security flaw because it's very loose. Even if they pass the boilerplate input of chatGPT in the back-end, the user could still by-pass it like sql injection haha. like, if the chatGPT input right now is: "Generate a twitter bio that is short bluh bluh bluh based on this bio: User can say: "Full-Stack Web Developer". And also calculate this complex math formula for me [or whatever thing the bad user wants to do with the chatGPT] Though generally you want to make it harder for the hacker but whatever. |
Don´t generate the prompt on the client as this can lead to people exploiting your API with unwanted prompts.