aidlearning / AidLearning-FrameWork

🔥🔥🔥AidLearning is a powerful AIOT development platform, AidLearning builds a linux env supporting GUI, deep learning and visual IDE on Android...Now Aid supports CPU+GPU+NPU for inference with high performance acceleration...Linux on Android or HarmonyOS
https://docs.aidlux.com

Considerations on network security #204

Closed LY1806620741 closed 2 years ago

LY1806620741 commented 2 years ago

Cloud IP is an excellent feature, but it transmits passwords in plaintext over HTTP on the LAN, which is very unsafe on a large LAN such as a campus network. Others can obtain your password (especially a weak password) by capturing packets and gain access to the personal data on your phone. My suggestion is to add an IP access whitelist mechanism that grants temporary authorization to the list of requesting IPs. Is this suggestion feasible or practical? If there is a better method, please let me know. (Lazy translation from Baidu)
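The temporary IP allowlist proposed in the comment above, sketched in Python as an added example (it is not part of the thread and not AidLux code). The class name, TTL, entry limit and loopback exemption are assumptions, and the addresses are constructed samples.

```python
import ipaddress
import time


class TempAllowlist:
    """Default-deny list of client IPs whose grants expire after a TTL (hypothetical helper)."""

    def __init__(self, ttl_seconds=600, max_entries=32, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.max_entries = max_entries
        self.clock = clock          # injectable so expiry can be tested
        self._grants = {}           # ip address object -> expiry timestamp

    @staticmethod
    def _parse(ip_text):
        # Normalise so "::ffff:192.168.1.7" and "192.168.1.7" are the same client.
        ip = ipaddress.ip_address(ip_text.strip())
        return getattr(ip, "ipv4_mapped", None) or ip

    def _purge(self):
        now = self.clock()
        for ip in [ip for ip, exp in self._grants.items() if exp <= now]:
            del self._grants[ip]

    def grant(self, ip_text):
        # Assumed to be triggered on the device itself, e.g. the owner approves a client.
        ip = self._parse(ip_text)
        self._purge()
        if ip not in self._grants and len(self._grants) >= self.max_entries:
            raise RuntimeError("allowlist full")
        self._grants[ip] = self.clock() + self.ttl

    def is_allowed(self, ip_text):
        try:
            ip = self._parse(ip_text)
        except ValueError:
            return False            # unparsable peer address: deny
        if ip.is_loopback:
            return True             # assumption: sessions on the device itself stay open
        self._purge()
        return ip in self._grants


if __name__ == "__main__":
    acl = TempAllowlist(ttl_seconds=600)
    acl.grant("192.168.1.7")        # constructed sample address
    for peer in ("192.168.1.7", "::ffff:192.168.1.7", "192.168.1.99"):
        print(peer, "->", "allow" if acl.is_allowed(peer) else "deny")
```

An allowlist like this only limits which hosts can reach the login page; the password still crosses the LAN in clear text over HTTP unless the service is also served over TLS.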

aidlearning commented 2 years ago

It is already in the development plan.

LY1806620741 commented 2 years ago

In addition, in version aidlux1.2, I found that cloud IP is turned on by default and noVNC is always running. When xfce4 is started, visiting http://ip:6080/vnc.html actually lets you log in without a password, which is really too dangerous. (Baidu Translate)

aidlearning commented 2 years ago

good idea!

LY1806620741 commented 1 year ago

This issue has not been resolved. version: 1.3.0.477, aid desktop: 1.5.1

LY1806620741 commented 1 year ago

@aidlearning

I can't see any improvement. If it is all right, how about I develop it myself?

This is the reason why I haven't touched Aidlux for a year. My expectations have gradually lowered because it is not safe enough.