[return to "Cloudflare builds OAuth with Claude and publishes all the prompts"]
1. rienbd+s22 2025-06-03 06:30:13
>>gregor+(OP)
The commits are revealing.

Look at this one:

> Ask Claude to remove the "backup" encryption key. Clearly it is still important to security-review Claude's code!

> prompt: I noticed you are storing a "backup" of the encryption key as `encryptionKeyJwk`. Doesn't this backup defeat the end-to-end encryption, because the key is available in the grant record without needing any token to unwrap it?

I don’t think a non-expert would even know what this means, let alone spot the issue and direct the model to fix it.

2. victor+Ng2 2025-06-03 08:58:34
>>rienbd+s22
That is how LLMs should be used today. An expert prompts it and checks the code. Still saves a lot of time vs typing everything from scratch. Just the other day I was working on a prototype and let Claude write code for an auth flow. Everything was good until the last step where it was just sending the user id as a string with the valid token. So if you got a valid token you could just pass in any user id and become that user. Still saved me a lot of time vs doing it from scratch.
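
The auth-flow flaw described in the comment above, next to a corrected check, as an added example that is not part of the thread or of anyone's actual code. The token format, the secret and all function names are hypothetical and constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed value, for this example only

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def _sign(payload: str) -> str:
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue_token(user_id: str, ttl: int = 300) -> str:
    """Hypothetical token format: base64url(JSON claims) + "." + HMAC-SHA256."""
    claims = {"sub": user_id, "exp": time.time() + ttl}
    payload = _b64(json.dumps(claims).encode())
    return f"{payload}.{_sign(payload)}"

def verify_token(token: str):
    """Return the signed claims, or None if the token is forged, malformed or expired."""
    try:
        payload, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(payload)):
            return None
        padded = payload + "=" * (-len(payload) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
        if claims["exp"] < time.time():
            return None
        return claims
    except (ValueError, TypeError, KeyError):
        return None

def acting_user_flawed(token: str, user_id: str):
    # The flaw from the comment: the token is checked for validity, but the
    # identity is whatever user id string the caller sent along with it.
    return user_id if verify_token(token) is not None else None

def acting_user_fixed(token: str, user_id=None):
    # Identity comes only from the signed "sub" claim; a caller-supplied id
    # that disagrees with it is rejected rather than silently ignored.
    claims = verify_token(token)
    if claims is None or (user_id is not None and user_id != claims["sub"]):
        return None
    return claims["sub"]

if __name__ == "__main__":
    alice = issue_token("alice")
    print(acting_user_flawed(alice, "bob"))  # caller-chosen identity accepted
    print(acting_user_fixed(alice, "bob"))   # mismatch rejected
    print(acting_user_fixed(alice))          # identity taken from the token
```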

3. XCSme+sx2 2025-06-03 11:45:41
>>victor+Ng2
> Still saves a lot of time vs typing everything from scratch.

In my experience, it takes longer to debug/instruct the LLM than to write it from scratch.

4. Culona+BA2 2025-06-03 12:13:38
>>XCSme+sx2
Depends on what you're doing. For example when you're writing something like React components and using something like Tailwind for styling, I find the speedup is close to 10X.

5. azemet+2D2 2025-06-03 12:30:20
>>Culona+BA2
Isn’t this because the LLMs had like a million+ React tutorials/articles/books/repos to train on?

I mean I try to use them for Svelte or Vue and it still recommends React snippets sometimes.

6. lengla+fv5 2025-06-04 13:04:04
>>azemet+2D2
I have had no issues with LLMs trying to force a language on me. I tried the whole snake game test with ChatGPT but instead of using Python I asked it to use the nodejs bindings for raylib, which is rather unusual.

It did it in no time and no complaints.

7. azemet+RY6 2025-06-04 21:59:51
>>lengla+fv5
To be more honest, it did feel like if I just stuck with the standard library it was okay at generating a higher ratio of useful snippets. Once I introduced a library is where things fell apart.