I know training mode isn't meant to be secure, but since we're using it for a graded component in 2040 (it's not a lot, 3% I think, but still),
we should definitely look into securing it better.
Currently, you can call the `getAnswers` endpoint as many times as you like.
Students can call this endpoint to get the answers, fill them in, and then get full marks to show their TAs.
PoC below:
https://gist.github.com/jiachen247/c7e9888f58149550274c6836d1db57c6
I don't mind doing the PR, but just let me know y'all's thoughts on this.
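
One way to close the gap described in the issue above, as an added example that is not part of the original issue or the project's code: the server grades and records one attempt per student, and only releases answers once that attempt exists. The function names other than `getAnswers`, the in-memory store, the sample answer key, and the assumption that `studentId` comes from an authenticated login are all hypothetical.

```javascript
// Hypothetical in-memory model of a graded quiz; not the project's code.
const ANSWER_KEY = { q1: "B", q2: "D", q3: "A" }; // constructed sample key
const attempts = new Map(); // studentId -> score of the single graded attempt

// Grading happens on the server, and the first submission is final,
// so answers fetched afterwards cannot be used to raise the score.
function submit(studentId, responses) {
  if (attempts.has(studentId)) {
    throw new Error("graded attempt already recorded");
  }
  const score = Object.keys(ANSWER_KEY)
    .filter((q) => responses[q] === ANSWER_KEY[q]).length;
  attempts.set(studentId, score);
  return score;
}

// Answers are released only to a student whose attempt is already recorded.
// studentId is assumed to come from the authenticated session, never from
// a client-supplied parameter.
function getAnswers(studentId) {
  if (!attempts.has(studentId)) {
    throw new Error("answers locked until submission");
  }
  return { ...ANSWER_KEY }; // copy, so callers cannot mutate the key
}

// What a TA checks instead of the student's screen.
function recordedScore(studentId) {
  return attempts.has(studentId) ? attempts.get(studentId) : null;
}
```

With this shape, the mark a TA records comes from `recordedScore`, so what the student's browser displays no longer matters.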