Don't ask people to copy-paste commands into terminal #188
Comments
|
I feel this is already part of the threat model: "The user obtains an authentic copy of Pond. |
|
I think I am being insufficiently clear. The page explicitly instructs the end user to copy code from a web page and paste it directly into the terminal. That is not a safe operation, because there is no WYSIWYG when copying from a web browser. Teaching people that it is an acceptable thing to do encourages development and persistence of harmful practices. I made you a pull request that hopefully demonstrates what I am trying to say. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
On https://pond.imperialviolet.org/ you ask people to copy-paste some shell commands directly into a terminal.
That is a terrible security practice, because of https://thejh.net/misc/website-terminal-copy-paste
Please change your wording to ask them to paste the commands elsewhere first, so that it doesn't look like you are trying to attack them.
The text was updated successfully, but these errors were encountered: