When I first started writing davos (it was originally a redo of auto-ftp), I envisaged it as a pet project to help hone my skills in various libraries and frameworks. I liked Spring; Java is my language of choice, and we toyed with file transfers a fair bit at work. I wanted to see if I could incorporate these into a single app.
However, I cut some corners during the initial coding and hard coded the StrictHostKeyChecking to "no", just so I could minimise the amount of effort required to get SFTP up and running.
Since davos appears to have kicked off a little bit, I should really take this as a priority to change, as it leaves users vulnerable to man-in-the-middle attacks.
My proposed solution is to make use of an app-specific known_hosts file in /config and save the host keys there. Verification will take place on the Edit Host screen and new hosts will require this verification to take place by the user (via a confirm box).
I am trying to work out the best way for existing users to do this so if anyone has any ideas, I'm all ears.
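
The proposal above (an app-specific known_hosts file, with user confirmation for new hosts) can be sketched as follows. This is an added example, not davos code and not part of the original issue: it uses only the Java standard library, the class and method names are hypothetical, the file location is assumed, the host and key bytes are constructed samples, and it handles plain (unhashed) known_hosts entries only.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.*;

public class KnownHostsStore {                       // hypothetical name
    public enum Verdict { TRUSTED, UNKNOWN, MISMATCH }
    private final Path file;                         // e.g. a known_hosts file under /config (assumed)

    public KnownHostsStore(Path file) { this.file = file; }

    // OpenSSH convention: plain host for port 22, [host]:port otherwise.
    static String entryName(String host, int port) {
        return port == 22 ? host : "[" + host + "]:" + port;
    }

    // OpenSSH-style fingerprint for the confirm box: SHA-256 over the raw key blob.
    public static String fingerprint(byte[] keyBlob) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(keyBlob);
        return "SHA256:" + Base64.getEncoder().withoutPadding().encodeToString(d);
    }

    // A host that is pinned but presents a different key is a MISMATCH:
    // fail closed instead of asking the user to confirm again.
    public Verdict check(String host, int port, String type, byte[] keyBlob) throws Exception {
        if (!Files.exists(file)) return Verdict.UNKNOWN;
        String want = Base64.getEncoder().encodeToString(keyBlob);
        boolean hostSeen = false;
        for (String line : Files.readAllLines(file, StandardCharsets.UTF_8)) {
            String[] f = line.trim().split("\\s+");
            if (f.length < 3 || f[0].startsWith("#") || !f[0].equals(entryName(host, port))) continue;
            hostSeen = true;
            if (f[1].equals(type) && f[2].equals(want)) return Verdict.TRUSTED;
        }
        return hostSeen ? Verdict.MISMATCH : Verdict.UNKNOWN;
    }

    // Call only after the user has confirmed the fingerprint on the Edit Host screen.
    public void trust(String host, int port, String type, byte[] keyBlob) throws Exception {
        String line = entryName(host, port) + " " + type + " "
                + Base64.getEncoder().encodeToString(keyBlob) + System.lineSeparator();
        Files.write(file, line.getBytes(StandardCharsets.UTF_8),
                StandardOpenOption.CREATE, StandardOpenOption.APPEND);
    }

    public static void main(String[] args) throws Exception {
        KnownHostsStore store = new KnownHostsStore(Files.createTempFile("known_hosts", ""));
        byte[] key = "constructed-key-blob".getBytes(StandardCharsets.UTF_8);   // not a real key
        byte[] other = "constructed-other-blob".getBytes(StandardCharsets.UTF_8);
        String host = "sftp.example.test";                                      // constructed host
        System.out.println(store.check(host, 2222, "ssh-ed25519", key) + " " + fingerprint(key));
        store.trust(host, 2222, "ssh-ed25519", key);   // stands in for the user's confirmation
        System.out.println(store.check(host, 2222, "ssh-ed25519", key));
        System.out.println(store.check(host, 2222, "ssh-ed25519", other));
    }
}
```

The three verdicts map onto the proposed flow: `UNKNOWN` shows the fingerprint in the confirm box, `TRUSTED` lets the transfer proceed, and `MISMATCH` blocks the connection until the user re-verifies the host.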