I've just noticed that profile routing seems to be handled through first-level slugs, such that, for example, `https://sbox.game/login` takes you to a player's profile.
Easy to overlook, but this is a non-trivial security risk that can easily be solved by popping profiles down a level to /profile/[username] or /id/[username]
Not the end of the world, but worth patching up before things get crazy around here post-launch imo
p.s. forgive me if this is the wrong place for such a report, I wasn't sure where else to post
edit: I've just noticed that my profile URL is `https://sbox.game/u/thecoppinger` — I'm guessing the profile example I gave (/login) is a leftover from an earlier version of the site?
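
The collision described in the post, and the namespaced fix it proposes, as an added example that is not part of the original post and not the site's own code. The route table, the username pattern, the lookup order in the flat resolver and all function names are assumptions made for illustration; the user set is constructed sample data.

```python
import re

# Assumed application routes (hypothetical; not taken from the real site).
APP_ROUTES = {"login", "logout", "settings", "api", "u"}
# Assumed username policy for this example.
USERNAME_RE = re.compile(r"^[a-z0-9_-]{3,32}$")


def resolve_flat(path, users):
    """First-level-slug scheme: /<slug> is either a profile or an app route.

    Assumption: the profile lookup runs first, which reproduces the
    behaviour in the post (/login rendering a player's profile).
    """
    slug = path.strip("/").split("/")[0].lower()
    if slug in users:
        return ("profile", slug)
    if slug in APP_ROUTES:
        return ("app", slug)
    return ("404", slug)


def resolve_namespaced(path, users):
    """Profiles live under /u/<username>; first-level slugs are app-only."""
    parts = [p.lower() for p in path.strip("/").split("/")]
    if len(parts) == 2 and parts[0] == "u" and parts[1] in users:
        return ("profile", parts[1])
    if len(parts) == 1 and parts[0] in APP_ROUTES:
        return ("app", parts[0])
    return ("404", "/".join(parts))


def username_allowed(name, flat_routing):
    """Registration check: flat routing needs a reserved-name list kept in
    sync with every route ever added; namespaced routing does not."""
    name = name.lower()
    if not USERNAME_RE.fullmatch(name):
        return False
    return not (flat_routing and name in APP_ROUTES)


def colliding_usernames(users):
    """Audit helper: existing accounts that shadow an application route."""
    return sorted(u.lower() for u in users if u.lower() in APP_ROUTES)


if __name__ == "__main__":
    users = {"login", "thecoppinger"}  # constructed sample accounts
    print(resolve_flat("/login", users))        # profile shadows the app route
    print(resolve_namespaced("/login", users))  # app route is unambiguous
    print(colliding_usernames(users))           # accounts to review or rename
```

Running `colliding_usernames` over the existing account table before or after moving profiles under a prefix shows which accounts were created while the flat scheme was live.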