3
ThePra
4y

Been working on this webapp for ~1 year, and it's finally up and running! :D

collanon.app

If any of you would like to review it I would be flattered u.u

Comments
  • 7
    More than 12 characters for a password aaaaaand you lost a customer
  • 1
    @kfalencik .-. aha

    I would not care about that kind of client either, my 2 cents u.u
  • 2
    "Beta warnings list

    * There might be some bug

    "

    😂
  • 2
    The privacy policy has an interesting part.

    The external link part where you wouldn't be liable.... now it so happens that a lawsuit in the EU resulted in a ruling that since it's a websites choice to link to another service/server in some way, whether its necessary or not for running your service, you ARE liable as well if those other parties fuck up their security resulting in a data breach or something similar. (The service/site could've chosen not to use the external party so it should be their liability as well)

    This seems to have the most effect on websites including Google analytics and/or Facebook buttons and such.

    I haven't found any trackers yet which us a huge plus but could you explain what kind of analytics or user tracking technologies you use?

    Also, I'd love to signup and try out but how are passwords hashed?

    Let me know if possible :)
  • 2
    @linuxxx Does it matter how the passwords are hashed if you use a unique password for all of your different logins? Passwords being compromised should only compromise one account each.
  • 1
    @AlgoRythm Yup. If I'd consider it secure enough I'd try, if not, I wouldn't.
  • 4
    @linuxxx They use an advanced cryptographic data-driven AI ML block chain bootstrapped abstraction microserice outsource called MD5
  • 0
    @linuxxx For the liability I have yet to horn my ToS, I don't use external services and don't prospect to do that either.

    There isn't actually any user tracking intended, this product is thought for middle-big companies so their data has value(in my POV) to be left private, both in beta and, if it can find continue business revenue, final pay-per-user ala Slack.

    There's also a Support section of the website to give anyone chance to leave feedback,info requests, bug submissions. Doing so I want to respect their eventual will to leave anything of concern without filling their experience with automatic tracking.

    The maximum of analytics may just be for internal growth statistics.

    .NET Core default hasher Rfc2898 😎
  • 0
    @AlgoRythm Yep, but it's still valid to assume that there's some way from the service to protect users despite their counter-measurements(password manager).
  • 0
    @AlgoRythm Nope :DDDDD
  • 2
    @ThePra I'm not a crypto nerd but isnt that standard obsolete?
  • 2
    @AlgoRythm 😂😂😂
  • 0
    @AlgoRythm From what I know it's still unbroken and considered safe.
  • 0
    @ThePra Did some research on that hashing technique and learned that it uses SHA-1 under the hood which is a quite old and broken method but since its .net, I can't give recommendations either 😬😅

    Good that there's no user tracking!
Add Comment