AccessURL

Share access to accounts without sending a username/password

Featured comment

Jarred Sumner@jarredsumner
I'm currently figuring out what's next for me. If you have any ideas, email me: jarred@jarredsumner.com :)
Yefim Vedernikoff@yefim · Full Stack Engineer, Raise.me
Finally a useful Chrome extension! ;) Missing one small feature:
Jarred Sumner
Maker
@jarredsumner
@yefim I should build that!!
Lasse Rafn@lasserafn · Apricot
@yefim this is likely to be impossible (at least 100%) sure the link can expire but nothing prevents the receiver from saving the cookies for later :/
Jarred Sumner
Maker
@jarredsumner
@lasserafn chrome extension could mitm sites using access URLs via webRequest API and then the only way to get the cookies yourself is to use Wireshark or Charles w/ trusted self signed cert, but yeah not 100% solution. The 100% solution is probably a proxy, which has other issues (streaming netflix through a proxy is bad)
@lasserafn @yefim That's right - it is an easy-to-use tool but you cannot call it secure. Also, if the web app you log in to allows this, there is a high chance that it is open to cross-site scripting and CSRF attacks. Still, good job! Looks like you turned a trivial hacking method into something enjoyable, at least for some folks ;)
Ferit T.@fokusman · Frontend Techie
@fuater @lasserafn @yefim as long as we send it to non-techies I wouldn't see it as a big problem. A really cool idea!
applab@badroidlabs
@jarredsumner the better is proxy with VPN, to be more secured?
Michael Mroz@mroz_io · Software Engineer, Atlassian
@fokusman @fuater @lasserafn @yefim That doesn't really sit well with me. This is security software. Any feature that obscures the degree to which you have control is not a feature that should be implemented, imo.
Austin Heap@austinheap · Magical Unicorn
@mroz_io @fokusman @fuater @lasserafn @yefim This product creates a security vulnerability for users where one didn't previously exist. It seems absurdly irresponsible to market it without such a warning.
Ben Tossell@bentossell · Community Lead, Product Hunt
This is pretty sweeeeet
Jarred Sumner
Maker
@jarredsumner
@bentossell Thanks!
Ben Tossell@bentossell · Community Lead, Product Hunt
@jarredsumner Can you tell us about how it works technically?
Jarred Sumner
Maker
@jarredsumner
@bentossell Sure! Websites use cookies to keep you logged in across pages. This just takes the cookies used by the current domain, generates a random password, encrypts those cookies with that random password, and then sends the encrypted cookies without the password off to the server. Then, when another user goes to your access URL, the chrome extension takes the password from the URL (which is what shows up in the #), it decrypts the cookies, and then adds them to Chrome's cookie jar. It'd be way easier honestly to just store all the cookies on the server without this encryption, but a product like this is dangerous without a lot of thought put into security. It's worth the extra effort on my part to do right by users.
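The flow described in the comment above, sketched as an added example that is not part of the thread and is not AccessURL's code. It assumes AES-256-GCM via Node's `crypto` module, a placeholder host `share.example`, a `/s/<id>` URL layout and hypothetical function names; the in-memory `Map` stands in for the server.

```javascript
// Added illustration; cipher choice, URL layout and all names are assumptions.
const crypto = require("node:crypto");

const SHARE_ORIGIN = "https://share.example"; // placeholder host, not the real service

// Sender side: encrypt the cookie list under a fresh random key.
function createShare(cookies, server) {
  const key = crypto.randomBytes(32); // plays the role of the "random password"
  const iv = crypto.randomBytes(12);  // fresh nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(cookies), "utf8"), cipher.final()]);
  const id = crypto.randomBytes(8).toString("hex");
  // Only nonce, ciphertext and auth tag are uploaded; the key stays in the URL fragment.
  server.set(id, { iv, ct, tag: cipher.getAuthTag() });
  return `${SHARE_ORIGIN}/s/${id}#${key.toString("base64url")}`;
}

// What an HTTP client requests: the fragment after '#' is not part of it.
function requestTarget(shareUrl) {
  const u = new URL(shareUrl);
  return u.pathname + u.search;
}

// Receiver side: look up the ciphertext by id, take the key from the fragment, decrypt.
function redeemShare(shareUrl, server) {
  const u = new URL(shareUrl);
  const record = server.get(u.pathname.split("/").pop());
  if (!record) throw new Error("unknown or expired share");
  const key = Buffer.from(u.hash.slice(1), "base64url");
  if (key.length !== 32) throw new Error("malformed key in fragment");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, record.iv);
  decipher.setAuthTag(record.tag);
  // final() throws if the stored ciphertext or tag was modified, or the key is wrong.
  const pt = Buffer.concat([decipher.update(record.ct), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}

// Constructed sample data, not real cookies.
const sampleCookies = [
  { domain: "video.example", name: "session", value: "constructed-value", httpOnly: true },
];
const server = new Map();
const shareUrl = createShare(sampleCookies, server);
console.log(requestTarget(shareUrl), redeemShare(shareUrl, server));
```

As raised earlier in the thread, once `redeemShare` returns, the receiver holds the plaintext cookies, so deleting the stored record stops new redemptions but does not end a session already imported; that requires the site itself to invalidate the session.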
Ben Tossell@bentossell · Community Lead, Product Hunt
@jarredsumner yeah definitely and I think lots of people will appreciate that. I was asking because of the cookies and security concerns to be honest. Thanks!
oty@otymix · @oneTapVote | working on smthg new 🤐
@jarredsumner @bentossell Very interesting tool! I'm just shocked being conscious of the value of our cookies, and the fact it can be used for Login case .. thanks for your clear explanation!
Jarred Sumner
Maker
@jarredsumner
@otymix you're welcome! Let me know if you have any questions or feedback on AccessURL
Mike Desjardins@mdesjardins · Made https://www.remotelyawesomejobs.com
@jarredsumner that is damned clever. So it's kinda sorta like shared secure side-jacking but used for good.
Sergio Flores@byoigres · Software Developer
@jarredsumner this is pretty cool.
Jarred Sumner
Maker
@jarredsumner
@byoigres thanks!
sam hefnawy@samhefnawy · Country Manager, Visionary Strategist
@jarredsumner @bentossell how to make sure the security is okay? what you may be able to do then?
David/Ryal/Pug@davidryalpug
v. elegant solution & solid product history under @jarredsumner's belt give this man lots of twitter follows+money
Jarred Sumner
Maker
@jarredsumner
@davidryalpug 💰💰💰
David/Ryal/Pug@davidryalpug
@jarredsumner did you ever meet that other thiel fellow 'kid' who was working on next-gen holograph/hologram stuff? i helped judge some thiel event in SF and it seemed likely he would get swept up by In-Q-Tel (💰💰💰)
Yan Lhert@yanismydj · CTO Zen99
@davidryalpug @jarredsumner is the man! +1+1+1
Hunter Owens@owens · PM at Stealth
Oooh, this is awesome
Jarred Sumner
Maker
@jarredsumner
@owens Thanks Hunter!
Jack Smith@_jacksmith · Serial Entrepreneur & Startup Adviser
looks like a great idea, built on some solid technology
Jarred Sumner
Maker
@jarredsumner
@_jacksmith Thanks Jack!