Tor password authentication #746
Conversation
…d be heavily restricted in file system.
|
I apologize for taking up so many workflow runs, I'm still trying to figure things out. |
|
For privacy perspective, I don't think it's a good idea to implement password instead of cookie. In general, I don't understand why we need to give user permission to change the tor control port by risking server security. |
|
I understand. I think this could provide more options to the user, as neither option is directly more or less secure than the other. With the way I'm thinking this should be set up, it would restrict whoogle's access to the file system much more. |
What about this method could be a security risk? |
I read your code. The only thing this code do is deciding whether server needs to enable Tor or not. It's unnecessary extra step to disable Tor connection. Manging password makes hard to secure Docker container too. |
|
I apologize, I am confused.
Didn't the code previous to my changes do this already? I just made it so the code determines this factor through passwords as well.
My code doesn't change anything with Docker, since by default cookies are only enabled in torrc in Docker, it doesn't even use password authentication in Docker, correct? I think you are right though passwords shouldn't be used in Docker. |
Sorry, do you mean the attempt to always authenticate passwords with multiple try and except blocks is unnecessary? If so, I agree, I will get on that. |
@nakoo I think I understand what you were talking about here. Did my recent commits fix the issue with unnecessary extra steps? |
Added the ability for user to authenticate tor control ports with passwords. It could be a better alternative to cookies, as passwords doesn't require changing file permissions.