-
Notifications
You must be signed in to change notification settings - Fork 492
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reconsider silly "security" practicies #594
Comments
Hi @dsvi, there is, in fact, a conversation happening about API tokens for apps like the WebUI and others, see: ipfs/kubo#1532 Consider joining the conversation. The current mechanism is not the best, but it is not creating issues other than the one that it is there for, limiting access to the webui from an outside node. Remember, Webui is just a webpage, you can always change that value and also change the value in go-ipfs and use that special node for yourself :) |
Hi! |
Yes, this is really an issue for me. I am VPN'ing through the server on which IPFS is running. localhost refers to my laptop, so I need to get to the ui via http://ServerIP:5001/webui. As a comparison, the torrent client transmission provides a "-a" option for allowed IP's. I give it localhost and the IP address of the server. It also allows a "-t" option to set a username ("-u") and a password ("-v"). You might want to consider this approach. |
But see 0 peers?
|
Closing in favour of #836 |
According to the issue:
#591
The WebUI has weird "security protection mechanism" in the form of hardcoded 'localhost' strings in it's javascript.
This really is a weak security feature (to put it mildly) and causes more problems than it solves. In fact, it solves none.
I do believe this should be reconsidered.
The text was updated successfully, but these errors were encountered: