Quote:
Originally Posted by YGKGamer
I am assuming that if you can log the API key then you get access to the person's account. Why not make the login info required each time and it is not saved so that way you do not have access? Or force the user to use an authenticator like duo mobile. If my assumption is incorrect, then sorry, and please disregard this post.
|
Your assumption is incorrect, but I won't disregard your post as you've shown genuine interest in AI and not just responded with FUD.
The API key doesn't give access to the account, but it does allow
use of the account, i.e. expense would be incurred.
The way I designed my solution, and the way most APIs work, the API key is required for every call to the backend LLM. So the plugin would call my API, and my API would call the backend LLM, passing along the API key.
Anyway, it's a moot point, as I won't release this plugin due to lack of interest.