0:00:26
what is going on guys welcome back to a
0:00:34
no buildbreaking fix by raw code as i
0:00:36
messed it up yeah that's my fault
0:00:40
i guess that's what makes the show
0:00:47
fantastic yeah so um
0:00:50
great to have you again
0:00:54
how are we feeling
0:00:59
yeah thanks for having me again um i was
0:01:02
yeah your intro is also
0:01:04
a bill breaking fix
0:01:16
first things first let's um do the
0:01:19
acknowledgement of the country and pay
0:01:22
our respect to the past present and
0:01:24
future so here we go
0:01:27
i begin today by acknowledging the
0:01:29
traditional custodians of the land on
0:01:32
which we gather today and pay my
0:01:34
respects to the elders past present and
0:01:36
future i extend their respect to
0:01:39
aboriginal and torres strait islander
0:01:45
cool that is smoothly done
0:01:58
um i know that i wasn't able to make it
0:02:01
on i believe it was friday
0:02:06
yeah so what did you guys get up to do
0:02:09
you want to give a bit of a context and
0:02:11
then we can carry on from there
0:02:13
yeah sure thing um i don't know if
0:02:15
you're gonna like this or not but we
0:02:18
basically we investigated the
0:02:21
how geckdev executed the
0:02:29
what's it called xss
0:02:36
what we found was um actually tori found
0:02:51
uh run it through like the console using
0:02:53
the websocket connection uh function
0:02:58
so it's actually really cool like i
0:02:59
thought that was really fascinating how
0:03:03
yeah just running javascript through the
0:03:05
function and then it uh executes on the
0:03:08
scrambler so we definitely i think
0:03:10
that's something we need to
0:03:14
add in the backlog anyways to
0:03:16
you know ensure that other people can't
0:03:20
but yeah it's interesting i thought
0:03:22
so we just looked into that which was
0:03:24
fun and interesting
0:03:34
are you jealous now huh that finishes
0:03:39
a little bit a lot better in
0:03:41
the short amount of time eh
0:03:44
it was story man it was it was solitary
0:03:48
no as in um yeah it's
0:03:51
team workbot i'm just teasing jack david
0:04:02
yes i think that was a really good
0:04:05
finding and yeah we would probably have
0:04:07
to pull m effects against that so is
0:04:14
does that still has to be in jira
0:04:16
yeah it's the last about it
0:04:20
not a problem so today what we're gonna
0:04:35
xss attack then basically
0:04:38
because i wanted to do
0:04:42
the the websockets
0:04:51
what was the part there
0:04:52
me and tori were working on
0:04:57
i can't remember now oh you guys were
0:05:00
working websockets as well i think
0:05:02
that's what tori told me
0:05:08
you guys were testing a function
0:05:16
a heartbeat happy holiday okay yeah
0:05:21
mention a heartbeat
0:05:23
yeah so i guess we would
0:05:25
um uh i didn't get time to test the
0:05:29
hobby even though i said it as in last
0:05:41
deploy the changes
0:05:47
i don't really know where will we
0:05:51
in the heartbeat stuff
0:06:00
so if tori's saying that deploy it
0:06:04
deploy the changes
0:06:06
then that would mean that we've already
0:06:09
done the work but we just have to check
0:06:12
whether that works or not
0:06:16
if we want to test it then everything
0:06:23
someone that i know
0:06:27
might play around again
0:06:31
yes i'm just thinking if we should do
0:06:35
what do you think finesse
0:06:37
i think um yeah we could actually might
0:06:40
already be online but um because uh tori
0:06:43
and i were testing it the other day but
0:06:48
yeah we could we could just still test
0:06:50
it and then you know take it down after
0:06:59
seems to be still online
0:07:04
now i'm just gonna wait for something
0:07:07
funny to happen and
0:07:14
see who the genius is because i have an
0:07:18
app now installed in the browser to see
0:07:21
those con those kind of things
0:07:24
yeah what what does it do
0:07:27
huh what does it do the app
0:07:33
you'll see when i um i i
0:07:39
okay okay don't worry
0:07:53
that was ej it was kind of a really cool
0:07:56
app how i how i got and got to know it
0:08:02
i need that i need that in the stream
0:08:05
and see what's going on
0:08:12
that'll be good um yeah so because it's
0:08:20
i'm thinking how about if we test the
0:08:32
i think at the moment the home page is
0:08:35
index.html but we need to convert that
0:08:43
so if you see if you
0:08:44
go into scrambler.dev
0:08:49
index.html straight away
0:08:54
for yeah it goes to the board page right
0:08:56
the or enter enter name your board
0:08:59
no it goes to the index.html
0:09:05
that's it let me check
0:09:07
yeah because i'll just type in scrambler
0:09:10
rowcoder.dev and it took me to index
0:09:14
oh okay want to play the music
0:09:18
i mean yeah that's an easy fix right
0:09:23
so financially would be your turn pick
0:09:29
ah or anywhere near oh
0:09:32
yeah i know because we're here
0:09:45
hey stick okay cool here we go
0:09:52
i'm just hoping i don't
0:09:54
i don't fall asleep on this music now
0:09:58
all right um yeah so
0:10:02
i'll probably share share my screen
0:10:16
please do something someone
0:10:18
i'm waiting the app is running
0:10:21
i honestly think this time it could be
0:10:23
it could even be tori because we did it
0:10:27
like oh all right i see i see he's
0:10:31
probably got it on the
0:10:33
back of his fingertips so ah
0:10:37
i say if something yeah that makes sense
0:10:48
okay i'm just gonna
0:10:51
close some of the private things first
0:10:56
and then we can focus on
0:11:09
i'm just saying like it might be
0:11:17
i missed the stream to be honest
0:11:23
oh he's on to your finish yeah
0:11:29
so i'll just do this and
0:11:32
let's come below and then i'll go to
0:11:42
oh but actually the interesting thing is
0:11:44
and we also tried it um
0:11:48
when we try to create the
0:11:56
uh we use like a script tag to create
0:11:58
the board and it actually
0:12:00
um i don't know what i don't know if
0:12:02
it's dynamodb or or javascript itself
0:12:07
it just get rid of this script tag so
0:12:09
it's not a it doesn't actually create
0:12:12
um which is pretty neat
0:12:14
i see measure that's already in place
0:12:20
that's pretty good so we already um have
0:12:25
validation for that
0:12:33
okay so i'm gonna do that
0:12:36
so in this one basically we're just
0:12:39
testing the websocket
0:12:42
as in how long does it take to get
0:12:59
all right um so that's the properties
0:13:04
there's not that's not that one
0:13:13
um to set the index
0:13:18
scroll down on this one
0:13:21
am i sharing my screen
0:13:25
let's scroll down to static uh site
0:13:28
hosting and then on here yeah
0:13:30
okay ah here we go
0:13:45
okay so now if we try and
0:13:53
homepage here we go perfect
0:13:56
right cool so i'm gonna make a board say
0:14:01
actually first of all i'm gonna go and
0:14:04
delete all the boards
0:14:22
and why am i going to s3 again
0:14:42
it hasn't done well
0:14:45
how many pages are they
0:14:51
just one which is good
0:14:53
so i can basically just delete all this
0:15:03
so go ahead and place um
0:15:16
okay cool so that is t1 which is great
0:15:27
you know what was gonna happen
0:15:32
someone's gonna be a bad
0:15:38
i'm waiting for it
0:15:50
okay so websocket is open
0:15:57
sock is open which is
0:15:59
good so we just basically
0:16:03
wait until this gets
0:16:05
connected i'm gonna put my timer on as
0:16:13
while we can keep on doing
0:16:25
i don't actually know if that's tori
0:16:52
let it happen it's fine
0:17:11
they can have all the fault in one after
0:17:15
why did they direct this to this
0:17:20
play with us and i know exactly who that
0:17:24
is but i'm not gonna
0:17:25
i'm not gonna name them
0:17:33
here we go guys be happy now
0:17:44
gekko says i thought you had a miracle
0:17:46
add-on to fix it zayn
0:17:49
i didn't say fix it i just said just to
0:17:59
okay we need to do that um
0:18:07
uh if you take static hosting off uh
0:18:10
yeah that's what was what i was trying
0:18:13
to find but i wasn't able to
0:18:26
looked on my screen
0:18:33
okay so we can do this testing
0:18:38
off off to us we can just basically
0:18:43
uh fix the xss attack
0:18:47
when i actually check what is this
0:18:50
xss attack i didn't even
0:18:53
i never i don't even
0:18:55
know that cross-site scripting it's a
0:19:00
our type of injection is uh in malicious
0:19:03
scripture injecting otherwise
0:19:07
until the troops and
0:19:15
and how you can fix it
0:19:21
client-side code injection attack
0:19:25
the attacker aims to execute malicious
0:19:27
scripts in the web browser of the victim
0:19:30
by including malicious code uh okay cool
0:19:34
i see that is how it works
0:19:37
so you just probably
0:19:41
on a web page during qr between
0:19:44
javascript and using the security of
0:19:47
their vulnerabilities
0:19:49
and web application and it's
0:19:52
jesus has been compromised yep that i
0:19:56
this is no use problem
0:19:58
like any other and exclusive
0:20:00
vulnerability it is affecting your users
0:20:06
what can the checkered i don't really
0:20:08
want to know what can they do because i
0:20:10
already know what they can do
0:20:13
how christmas and okay i don't really
0:20:16
want to know how it works
0:20:18
stealing cookies using uh
0:20:21
criminals often uses it to steal cookies
0:20:26
script tags body tag javascript
0:20:32
uh taurian said in the comments check
0:20:38
it the library will work with node
0:20:57
dom purify is a dom-only super-fast
0:21:03
uber-tolerant xss sanitizer for html
0:21:10
very simple to use and to get started
0:21:14
okay so we can basically do this
0:21:20
how do we you should use it
0:21:24
to just include dom
0:21:26
purify on your
0:21:28
website using the minifile and
0:21:32
using the minified testing production
0:21:36
version so it's not beautiful
0:21:41
okay cool we're choosing this one then
0:21:47
collective says little fixing bugs in
0:21:49
the underlying scrambler code base
0:21:52
instead of just turfing the project and
0:21:53
becoming taxi drivers
0:22:08
yeah it seems like this is a good
0:22:14
using the minified development version
0:22:16
no we don't want to use these
0:22:18
using the minified testing production
0:22:22
yep probably we can use this one the
0:22:29
tested product production version
0:22:32
source map available
0:22:34
but if this is that where do we download
0:22:41
oh you're gonna do the ball don't marry
0:22:52
would be basically done in
0:23:03
because it's everything is happening on
0:23:09
but they're actually um
0:23:11
they're accessing the function through
0:23:13
to the console i think
0:23:33
because saying that is written in
0:23:36
javascript and works in all modern
0:23:41
says that you worked in all modern
0:23:46
then it would be backend
0:23:51
yeah that makes sense
0:24:05
hospital to tabs is done
0:24:08
here branch will be on
0:24:16
connect prep talking no no
0:24:26
now done that work function no
0:25:30
basically all we do is npm it's
0:25:55
remember saying though we
0:25:59
when we try to use the package uh
0:26:01
remember we were trying to do this for
0:26:03
bcrypt and we tried to use the package
0:26:06
in the file it wasn't
0:26:11
it wasn't working like it we couldn't
0:26:13
access it or something like
0:26:16
something along those lines
0:26:22
actually yes i'm remembering that
0:26:34
we couldn't use it and still front end
0:26:37
so how do we overcome that again that's
0:26:41
we changed the entire
0:26:44
logic to be put in back end
0:26:55
shouldn't be the case because we can
0:26:57
include the script here
0:27:03
this the script file has to be here
0:27:05
somewhere for downloadable
0:27:12
inside 34-bit style
0:27:20
from pm oh here we go we rely on npm
0:27:23
round square points grades go to them
0:27:28
and team run length
0:27:30
developing and contribution no don't
0:27:52
you can download the script from
0:27:59
is there a link to that
0:28:02
i'll save it in the chat but i should be
0:28:15
oh you sent in the chat
0:28:25
it's funny how it's a private chat and
0:28:28
we open it all while screen
0:28:42
sharing oh not again
0:28:50
new thing is this you know me already
0:28:58
come on good time you can do better than
0:29:09
stop playing hard to get
0:29:13
all right so dom purify
0:29:25
okay just asking questions
0:29:29
hang on a minute okay this purify
0:29:43
watch okay nevermind
0:29:52
but yeah i guess it's minified so it's
0:29:55
like all in one line or something
0:30:00
so we basically just
0:30:04
file name as purified.json
0:30:09
copy and paste this
0:30:11
i guess so yeah yeah
0:30:13
let's try that and get them i'll
0:30:17
get back to you very shortly
0:30:35
i just wrote an extension of npm
0:30:43
okay time to get back to
0:30:46
jack duff i don't want to leave him
0:30:52
all right what does mr cactus say
0:31:06
i think you wanted me to ask you because
0:31:08
you were like on the screen so you can't
0:31:14
he wanted me to ask you the question
0:31:17
because you normally can't see the
0:31:20
the comments right because you are
0:31:29
why do you ask yet def
0:31:37
saying we can't see a screen by the way
0:31:56
sharing why i stopped
0:32:02
and to be honest what does that even
0:32:25
did you want to try that so the
0:32:34
yeah but so after you you created that
0:32:43
or use that script tag and then
0:32:45
try to use the function
0:32:47
yes so let's do that one
0:32:57
so how do we import it again
0:33:01
i forgot if you go on the github uh
0:33:09
and go back to the main page
0:33:20
and then like you scroll down
0:33:30
there you go so we need to do this
0:33:42
oh actually saying like
0:33:45
since the file is already here
0:33:48
we've always changed the path name okay
0:34:07
so then that should basically do the
0:34:09
trick isn't it we don't really need this
0:34:12
because since these are working
0:34:15
without the type that should be fine
0:34:30
shall we try this now
0:34:37
afterwards you can sanitize string by
0:34:40
executing the following code
0:34:44
oh so we need to sanitize the websocket
0:34:50
yes yeah listen yeah yeah
0:34:52
that would make sense
0:34:56
what's dirty here the results in html
0:35:07
the results in a is still
0:35:14
pretending to dominion using html
0:35:17
to find the right that is totally up
0:35:20
that's really up to you
0:35:29
so basically what we do is we have got
0:35:36
so we basically do this now
0:35:43
so that would go into
0:35:49
maintain to entire entity
0:36:10
that is not the one we need this one so
0:36:15
so we be basically okay so that's
0:36:19
gonna happen on a load
0:36:29
on load so as soon as
0:36:36
basically this your front-end
0:36:50
it goes in that way
0:37:03
where what's his name tori
0:37:07
the function tori was using to execute
0:37:09
it is um dispatch websocket message
0:37:16
but yeah i'm not sure
0:37:20
i think maybe that's a good place to
0:37:47
if we when we're getting the dispatch
0:37:52
on the next line perhaps if we sanitize
0:37:54
it using the that function
0:38:02
you know what i mean on like line four
0:38:09
if it's on if if it's equals board id if
0:38:18
from from there and then also sanitize
0:38:30
what is your end goal here
0:38:34
to sanitize the message
0:38:36
and then pass it to the websocket
0:38:40
um because this is like
0:38:42
yeah like i said um
0:38:46
yeah this is a function tori was using
0:38:48
the other day to execute it but just
0:38:50
what tori's saying in the chat now he's
0:38:52
saying that we should do it in the back
0:38:54
end and not the front end because
0:38:56
and i think that's a good point as well
0:38:59
his front end might take forever back in
0:39:02
if we sanitize the message then
0:39:05
um before it executes maybe that could
0:39:10
so we're still getting the
0:39:12
dirty html message in the front and then
0:39:14
cleaning it up in the back end
0:39:17
it's a good point um
0:39:23
yeah he says you want to sanitize it
0:39:25
when you're receiving the message
0:39:26
anyways not when you send it that's a
0:39:34
i was thinking more along
0:39:37
when we received the
0:39:48
receiving you as in because
0:39:51
when someone does it we receive that
0:39:59
sorry say that again
0:40:01
so we we probably need to
0:40:05
sanitize it when we receive the message
0:40:15
want to do it when receiving so say for
0:40:18
example you have a board and i know your
0:40:22
connection i've been the attacker
0:40:26
actually send it but you you're the one
0:40:29
who's gonna receive it
0:40:31
so if we do it on the receiving as in
0:40:34
set if you sanitize on your end which
0:40:39
would be receiving the message
0:40:42
that might make more sense
0:40:47
tori is saying that
0:40:49
the way we want to do it now might be
0:40:51
easy to get around
0:40:55
yeah if we were to
0:40:57
add this dom purify sanitize
0:41:01
um in the back end so the message is
0:41:04
you know what i'm saying right saying
0:41:06
like it would be center h like the html
0:41:09
that they're executing the script tags
0:41:13
um and then on the back end code before
0:41:17
we run before we execute on the back end
0:41:20
we clean it up first using the
0:41:23
if you get whatever i think that's what
0:41:25
tori means and yeah
0:41:29
repeat that because i
0:41:31
wasn't able to understand
0:41:35
so you know how we'll be using this um
0:41:39
dom purify in the front end now which
0:41:43
the the script tags
0:41:47
basically instead of
0:41:52
instead of running it on the front end
0:41:55
sorry it's really convincing i shouldn't
0:41:57
do that anyways instead of
0:42:00
running this at the front end
0:42:03
do it on the back end side instead right
0:42:09
if we add this here it's gonna clean it
0:42:14
uh on the front end and then send it as
0:42:20
instead of that send it as dirty to the
0:42:22
back end and then clean it up in the
0:42:32
but that would mean that
0:42:34
we will still experience
0:42:37
these kind of attacks in the front end
0:42:41
if we are doing this
0:42:42
sanitizing only in the back end
0:42:48
but essentially like
0:42:49
so for this websocket thing right it
0:42:52
it requires both the front-end and
0:42:55
parts to work right
0:42:58
if it's clean on the back end then it
0:43:00
won't it still won't uh
0:43:03
it still won't execute isn't that right
0:43:11
mistaken websockets are just for the
0:43:22
no no no no no that doesn't make sense
0:43:25
because if it was then we wouldn't be
0:43:28
getting connection ids in the db
0:43:38
what you guys are suggesting of all
0:43:46
so what you guys are suggesting that
0:43:49
when we receive the messages
0:43:52
when we receive the xss attack
0:43:55
we don't sanitize it in the front end
0:43:57
but when we are saving in the db only
0:44:03
sanitize it but that's also in the back
0:44:12
or have i gone go on the completely
0:44:17
before you before you save anything into
0:44:28
okay so how how will we stop them coming
0:44:33
coming in the browser the browser is in
0:44:39
as in on the client side
0:44:50
okay this is just too funny but um
0:44:54
let me let me think about it real quick
0:45:08
when they're doing
0:45:15
yes trying not to pay that much
0:45:17
attention on jacob's and comments
0:45:20
because he loves just to spice things up
0:45:24
which is fantastic
0:45:27
fun but at the same time we need to keep
0:45:35
it's uh it's breaking my thoughts as
0:45:57
so right now when they execute it
0:46:16
i'm executing this
0:46:26
it's really good having this as yourself
0:46:36
well because it adds up a bit of a taste
0:46:40
of often entertaining fun
0:47:10
again don't pay too much attention okay
0:47:27
let me just have a look
0:47:52
probably finished talk to me about your
0:47:56
rather than seeing the code as in what
0:48:01
what thought came into your mind about
0:48:05
the process on how we should do it in
0:48:12
what thought provoked that it should be
0:48:26
what tori was saying and
0:48:28
yeah what tori was saying
0:48:32
you know it could be easier to
0:48:35
to manipulate in the front end so if
0:48:38
you know if they in my perception
0:48:42
um they could probably exploit the
0:48:45
you know whatever process we're using in
0:48:47
terms of the dom purifier in the front
0:48:51
you know how would they exploit
0:48:57
measurements in the client's
0:49:01
how would they bypass
0:49:07
i was thinking maybe if they knew
0:49:11
of how you know dom purify is
0:49:13
implemented then they could you know
0:49:16
kind of it's kind of mim it makes it
0:49:19
harder of course is
0:49:22
you know they can get around that
0:49:23
is what i was thinking but if dom purify
0:49:26
was in the back end then it would be
0:49:27
harder to get around it
0:49:28
because they're basically executing the
0:49:36
oh yeah they're basically executing the
0:49:38
functions in still front end and
0:49:42
to do this to do this hack or this
0:49:45
attack so so you're basically
0:49:49
saying that if we place it in the client
0:49:52
side they would go in there
0:49:57
free posts see how they're working
0:50:01
maybe it could take them days weeks
0:50:05
and then they will come back and
0:50:12
pull a change in the original repo which
0:50:16
would make the dom purify not work in a
0:50:22
which we have implemented which means
0:50:25
that they would easily be able to bypass
0:50:33
yeah that's a very long process but i
0:50:35
you know i assumed that
0:50:38
they could potentially be a
0:50:43
straightforward way
0:50:44
of them getting around that
0:50:47
not like you know that whole long
0:50:52
yeah i think i need to think about it a
0:50:54
little bit more to be honest but
0:50:59
yeah what i was thinking is if it was in
0:51:03
back end right it would the messages
0:51:06
would still be sent as that's how they
0:51:08
are being inputted right like how
0:51:10
you know they're still gonna use the
0:51:12
dispatch websocket function and
0:51:16
you know enter it you know
0:51:21
you know the html is raw okay
0:51:26
how would they be able to enter the html
0:51:29
as a raw if we're already preventing
0:51:31
them in the client side
0:51:33
yeah so yeah i'm saying if we don't
0:51:35
implement it in the client side they
0:51:36
would essentially enter it as raw
0:51:43
using the dom purifier
0:51:47
clean up the message in everywhere that
0:51:50
they could possibly
0:51:52
everywhere that's a request is being
0:51:55
in that way maybe there would also be
0:52:01
right i see where you're coming from
0:52:04
basically you want to um implement it in
0:52:08
the back end because
0:52:11
if it was implemented in the client side
0:52:13
then they can all easily go and then
0:52:18
figure out a really quick way to bypass
0:52:32
yeah yeah essentially if they could uh
0:52:35
if they know i guess how it's
0:52:40
yeah if they know how it's implemented
0:52:44
yeah that could be done but
0:52:48
saying that if we have it implemented in
0:52:55
then that doesn't necessarily fulfill
0:53:00
see the attacks are in the browser and
0:53:04
if someone does attacks in the browser
0:53:07
they would hear all
0:53:16
he's a doggy dog i'm a little teapot as
0:53:19
in those kind of set things but it's in
0:53:21
the browser itself
0:53:27
to me according to my understanding it
0:53:30
doesn't really make sense if you
0:53:33
wanna implement it in the back end
0:53:36
the attack is being in a client side why
0:53:39
because the browser is on the client
0:53:42
even if we implement it in the back end
0:54:00
okay so okay maybe okay maybe i need to
0:54:03
get a better understanding of the
0:54:08
of how it's connected but
0:54:12
isn't it still that
0:54:13
the code is being executed you know
0:54:17
via the back end anyways because for the
0:54:20
web connection to work right web socket
0:54:23
like it has to to go
0:54:25
um why the back end so
0:54:28
um in that sense that's
0:54:31
kind of what i'm saying right like i
0:54:32
understand what you're where you're
0:54:40
so i've got a question
0:54:43
for you how is the
0:54:45
attack been being done at the moment
0:54:49
tori went through as in in the whole
0:54:53
investigation and i'm assuming
0:54:58
sorry know how is it being done in the
0:55:00
in the in the in the browser
0:55:07
yeah but i can just show you briefly um
0:55:11
no um i don't really wanna um
0:55:14
no i just wanna know as in from your
0:55:17
observation as in how do you think the
0:55:22
working as in from your understanding
0:55:27
um so basically the
0:55:30
the function the websocket function in
0:55:33
the front end right
0:55:40
the attackers are using that websocket
0:55:45
from where can they see the websocket
0:55:50
where can they see the websocket string
0:55:52
because obviously they can see the
0:55:57
websockets string and then they are
0:56:06
the websocket function they can see it
0:56:09
through the front end yeah
0:56:12
through the front end where
0:56:16
oh what do you mean like through the
0:56:18
console um yes and where's the console
0:56:24
yeah the console is in the front end
0:56:33
ignore them ignore them
0:56:41
so basically right
0:56:44
they're inputting it the function in the
0:56:48
so they're using the function from the
0:56:50
front end i understand that
0:56:53
but still the message has to go from the
0:56:56
front end to the back end right so
0:57:00
i guess my thought process was that only
0:57:03
when this set and the
0:57:06
the notes are being saved only then
0:57:12
but the web click web socket connection
0:57:14
isn't it still open to
0:57:17
it it is open for everybody right yes
0:57:19
and it still has to go via the back end
0:57:21
isn't that correct like
0:57:26
websocket connection according to me how
0:57:30
according to my understanding how it
0:57:35
soon as a person visits the board
0:57:39
and one other connection is opened
0:57:44
okay that connection is in the
0:57:50
but the connection details are saved
0:57:53
only in the back um in the
0:57:56
dynamodb which goes through the back end
0:58:00
so just the connection details
0:58:06
just the connection details okay
0:58:09
for example connection
0:58:37
think about it we can probably have
0:58:40
champ basically or of
0:58:43
offline and um yeah we can take it from
0:58:47
yeah yeah okay i need to think about it
0:58:52
i mean c is a complicated as in
0:58:55
architecture as in from
0:59:00
as in our experience as in because i'm
0:59:06
my first time and told his first time to
0:59:10
actually know the entire
0:59:12
app based on the architecture itself and
0:59:18
complicated so it's always good to kind
0:59:23
think about things and then
0:59:27
and then come back to it
0:59:29
yeah yeah okay so all right fantastic
0:59:33
all right wow the time just flew past 10
0:59:44
you want to do the honors yes sure
0:59:52
joining us everyone
0:59:54
on another episode of bill breaking fix
1:00:03
vulnerability you know uh and on our
1:00:08
and basically zayn and i had a
1:00:10
discussion about where would be the best
1:00:14
would be the best side to
1:00:19
option of where we would implement it
1:00:21
either front and a back end
1:00:23
and yeah i think for me personally i
1:00:26
have a bit more of a look at the
1:00:29
and understand a bit more about how the
1:00:31
connection's being made and then
1:00:33
um yeah better understand it
1:00:35
but yeah anyways good discussions and i
1:00:37
think so anyways um and if you'd like to
1:00:40
see how this plays out then join us
1:00:44
same time same place and
1:00:51
thanks for joining and yeah we'll see
1:00:54
tomorrow bye for now