-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OLLAMA forced to use local process and has not API override[ISSUE] #569
Comments
I don't see this as an issue because ollama and devika aren't built for
security--it's counterproductive to spend energy on over-engineering for
security issues. You shouldn't be using something like this in a secured
setting.
…On Sat, May 18, 2024 at 3:06 PM Mookins ***@***.***> wrote:
Ollama running remotely via API should NEVER have the API sitting exposed
it's a security risk, why wouldn't you have the same options in the
settings panel to set it manually?
—
Reply to this email directly, view it on GitHub
<#569>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AFACJ5VZQQOXIH552J2BKZ3ZC6RELAVCNFSM6AAAAABH5V4XTSVHI2DSMVQWIX3LMV43ASLTON2WKOZSGMYDIMRXGYZTAMA>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Thats the most ridiculous statement, force local use only so anyone who runs a separate machine has to put extra time in when it could just work, its not even like adding it would have been a sinkhole, the options are there are were built for the other endpoints, openAi compatible endpoints exists it would have been less work to just code it with this in mind. and finally just because something isn't primarily focused on security doesn't mean it should just ignore it... There is a reason many projects in this space are adding security features in... but by all means you keep running your public facing APIs with no security. |
Its literally just allowing an API key input box.... Im still baffled by the stupid comment. |
Ollama running remotely via API should NEVER have the API sitting exposed it's a security risk, why wouldn't you have the same options in the settings panel to set it manually?
The text was updated successfully, but these errors were encountered: