-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UI默认不鉴权的安全性 #1026
Comments
身份认证只是一个方面吧,对于个人来说还行,但是公司内部其他人员使用,很难保证密码强度弱可以被爆破。 |
另外这边对UI端口和代理端口也做了尝试,但是这边发现代理端口一定也可以作为UI端口去访问,这样的话,在PC上做防火墙策略也是不行,禁用端口会把代理和UI服务都禁用 |
命令行启动可以限制外部请求访问: |
但是这样的话,代理服务和UI都用不了了 |
想要的效果是代理服务可以,但是UI只对本地生效 |
部署到外网 UI 可以用独立host和端口 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
作者大大,关于代理配置界面的安全性,我看现在是默认8899会同时开放代理和UI,这个UI只要能连上代理的都能访问,并且默认是不进行鉴权,能不能加个配置,UI仅本机能访问?
The text was updated successfully, but these errors were encountered: