GothenburgBitFactory / taskchampion-sync-server

The sync server for Taskchampion
MIT License

Better access control #31

Open Ecsodikas opened 1 month ago

Ecsodikas commented 1 month ago

Hello everyone,

either I am missing a huge point here or maybe I don't understand how the authentication was intended, but isn't there a way to set authentication credentials when hosting a taskchampion sync server instance?

Currently I'm hosting an instance via a docker container on a server of mine. My client's .taskrc now has the following entries:

sync.server.origin=<redacted>
sync.server.client_id=<redacted>
sync.encryption_secret=<redacted>

I can now sync my stuff with the server. But I can't tell the server to only accept tasks from clients with a specific id. So in theory, as soon as someone knows that a specific URL hosts a taskchampion sync server, it can be flooded with spam that I'm not even able to read because I don't know the encryption key of the attacker.

Do I have to set up an authentication myself?

Thanks in advance!

djmitche commented 1 month ago

This functionality is not currently implemented in taskchampion-sync-server. It's needed, though!

djmitche commented 1 month ago

I don't have any specific designs in mind for fixing this. This is one of the reasons this is a "reference" implementation.

A short-term fix might be a command-line flag to control whether new client-ids are allowed. Then you could enable that for your first sync, and then disable it thereafter.
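The enrollment gate suggested in the comment above, sketched as an added example; it is not part of the original thread or of the taskchampion-sync-server code. The names `ClientGate`, `Admission` and `allow_new_clients` are hypothetical, client ids are modelled as plain strings, and the in-memory set stands in for whatever storage a real server would persist.

```rust
use std::collections::HashSet;

/// Outcome of the admission check for one sync request.
#[derive(Debug, PartialEq)]
pub enum Admission {
    Known,    // client id was registered earlier
    Enrolled, // new client id accepted because enrollment is open
    Rejected, // new client id refused because enrollment is closed
}

/// Hypothetical gate: known client ids plus the "allow new client ids" switch.
pub struct ClientGate {
    known: HashSet<String>, // assumption: a real server would persist this
    allow_new_clients: bool,
}

impl ClientGate {
    pub fn new(allow_new_clients: bool) -> Self {
        Self { known: HashSet::new(), allow_new_clients }
    }

    /// Models the operator restarting the server with the flag changed.
    pub fn set_allow_new_clients(&mut self, allow: bool) {
        self.allow_new_clients = allow;
    }

    /// Decide whether a request carrying `client_id` may proceed.
    /// The check runs before any storage is created for an unknown id.
    pub fn admit(&mut self, client_id: &str) -> Admission {
        if self.known.contains(client_id) {
            return Admission::Known;
        }
        if self.allow_new_clients {
            self.known.insert(client_id.to_string());
            Admission::Enrolled
        } else {
            Admission::Rejected
        }
    }
}

fn main() {
    let mut gate = ClientGate::new(true); // first sync: enrollment open
    println!("{:?}", gate.admit("client-a")); // constructed sample id
    gate.set_allow_new_clients(false); // thereafter: enrollment closed
    println!("{:?}", gate.admit("client-a"));
    println!("{:?}", gate.admit("client-b"));
}
```

In this sketch a request that presents an already known id is admitted with no further check, so the gate limits who can create new storage but does not authenticate clients; the client id has to be kept private for it to help.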

kquinsland commented 2 weeks ago

> I don't have any specific designs in mind for fixing this.

Might I suggest looking at how sync is done with the atuin tool? It's also written in Rust and the sync server is little more than an encrypted blob storage tool. To keep blobs separate, a simple user/password auth is needed but that auth only permits access to the blobs, not the content of the blobs.