Add an access key so that random people don't start using my server to host their porn. #28

Open
wants to merge 1 commit into
base: master

bgreenlee

No description provided.

Owner

rsms commented Mar 30, 2012

It's not really safe since anyone on the same network as you can just sniff the traffic and find the key (unless you're on SSL). A better approach would be a challenge-response or simply requiring SSL when an "access key" is enabled (e.g. when the access key variable is not empty). I've been running Scrup myself for a few years and never had a problem with security (I've put the recv.php under an obscure name in an obscure place that's not the same as where images are served from). Putting recv.php under an obscure name, say, dornb5mdi3ks, is as effective as using a secret key, over an unsecure connection.

@bgreenlee
Author

I'm not worried about people on the same network. I'm worried about either script kiddies looking for a recv.php script, or people seeing image links I post and knowing to look for the script. Yes, changing the name to something long and random is effectively the same as having a key, but I think more people are likely to set a $KEY variable in the file than think to change the name.

If you really wanted security, you could have the Mac app generate certs and use those, but that's probably overkill.
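
The challenge-response approach suggested in the thread, as an added example that is not part of this pull request or of Scrup's code. The function names and the in-memory `$store` are assumptions for illustration, `$KEY` stands for the access key variable discussed above, and the demo data is constructed.

```php
<?php
// Added example: challenge-response for an upload endpoint (not Scrup's code).
// All function names are hypothetical; $KEY holds a constructed sample value.
$KEY = 'constructed-demo-key'; // shared secret known to client and server

// Server: issue a single-use random challenge and remember when it expires.
function issue_challenge(array &$store, int $ttl = 60): string {
    $nonce = bin2hex(random_bytes(16));
    $store[$nonce] = time() + $ttl;
    return $nonce;
}

// Client: prove knowledge of the key without ever sending it.
// Hashing the body into the MAC binds the response to this one upload.
function client_response(string $key, string $nonce, string $body): string {
    return hash_hmac('sha256', $nonce . ':' . hash('sha256', $body), $key);
}

// Server: accept only a fresh, unused challenge with a matching MAC.
function verify_upload(array &$store, string $key, string $nonce,
                       string $mac, string $body): bool {
    if ($key === '') {
        return true; // no access key configured: endpoint stays open
    }
    if (!isset($store[$nonce])) {
        return false; // unknown or already consumed challenge
    }
    $expires = $store[$nonce];
    unset($store[$nonce]); // single use, even when verification fails
    if (time() > $expires) {
        return false; // challenge expired
    }
    $expected = client_response($key, $nonce, $body);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed demo exchange: a valid upload, a replay, and an altered body.
$store = [];
$body  = 'constructed image bytes';
$nonce = issue_challenge($store);
$mac   = client_response($KEY, $nonce, $body);
var_dump(verify_upload($store, $KEY, $nonce, $mac, $body)); // first use
var_dump(verify_upload($store, $KEY, $nonce, $mac, $body)); // replayed request
$nonce2 = issue_challenge($store);
$mac2   = client_response($KEY, $nonce2, $body);
var_dump(verify_upload($store, $KEY, $nonce2, $mac2, $body . 'x')); // altered body
```

Someone sniffing the connection sees the nonce and the MAC but not the key, and a captured request cannot be replayed; the upload itself still travels in the clear unless SSL is used.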
