Monzo Community

Receipts security issue

garete (Gareth) 2 September 2018 20:13 25

From the last thread (again), the key note is they’ll address this in the API rewrite

Download receipts Feedback & Ideas

I’ve been conversing with Hugh privately but for transparency I’ll cross post some of the info here. It would not be possible for someone to brute force one of these URLs as they contain over 100 bits of entropy (this even excludes any entropy in the user ID or the UUID which comes from the client). It would require more computing power than is available on the planet to brute force one of these URLs. As mentioned in comments here, the ideal situation would be that the API would return short …

show post in topic

Home
Categories
FAQ/Guidelines
Terms of Service
Privacy Policy

Powered by Discourse, best viewed with JavaScript enabled