Comment 10 for bug 1865036
Revision history for this message
| Radosław Piliszek (yoctozepto) wrote | #10 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
It is UUID v4, and most likely has to be guessed.
I don't agree IDs are only available with admin credentials. One can look up IDs for own networks without being admin so it's technically possible to snoop it from regular user (and it's not meant to be sensitive in the first place).
I would strengthen the proxy code as well - it should reject requests bearing both the headers - it is not supported.