Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flickr API key #139

Open
cnsgithub opened this issue Jul 4, 2018 · 1 comment
Open

Flickr API key #139

cnsgithub opened this issue Jul 4, 2018 · 1 comment

Comments

@cnsgithub
Copy link

What's the problem?
juxtapose includes its Flickr API key in juxtapose.js making it visible to all users. In spite of this disclosure account security should not be at risk.

However, there are two other issues that might arise:

  1. According to https://www.flickr.com/services/developer/api/ key usage is limited to 3.600 queries per hour. Sharing your personal key across all juxtapose users may lead to exhaustion of your quota resulting in denial of service.
  2. According to https://secure.flickr.com/services/api/misc.api_keys.html commercial use is not allowed. Since juxtapose library is provided under MPL license users or frameworks that in turn allow commercial usage might include juxtapose without knowing this restriction. E.g. the popular JSF library PrimeFaces introduced juxtapose in March 2018, see here: ImageCompare: migrate to newer JS plugin primefaces/primefaces#3251

I would suggest to either remove your Flickr API key and see if it's needed at all. Otherwise I would enable users to specify their own API keys.
@cnsgithub cnsgithub mentioned this issue Jul 4, 2018
Closed
@cnsgithub
Copy link
Author

Any thoughts?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cnsgithub