Open scriptzteam opened 7 years ago
asapach
commented
7 years ago I feel like user management, authentication, authorization, etc. is beyond the scope of this project. You can try setting up a reverse proxy (like nginx) in front of the server to handle auth and sessions.
scriptzteam
commented
7 years ago nono i mean like ip based check or session check maybe ?
asapach
commented
7 years ago Session requires authentication, which in turn requires user management, etc. See the discussion in #77
asapach
commented
7 years ago Oh and if you want IP-based security, you can either setup your firewall or configure a reverse proxy: Apache or nginx
ViperCode7
commented
6 years ago I have to agree.... the most that bothers me is when some nut job deletes all torrents so he can add his.
What scriptzteam wants is a session based authorization scheme. For instance when a user accesses the site for the first time he gets a session ID based on a hash of his IP and some salt, unix time etc. Adding a torrent will be marked as removable only by that session ID, a timeout of hours or days (if there's already one implemented) or by the owner of the site.
What you've suggested doesn't hinder anyone from removing the torrents. What we want is to separate superuser rights on what we add vs other users. I should not be able to remove someone else's torrents, nor should he mine.
It's a pretty simple, yet elegant way of giving each user rights without the hassle of user management.
scriptzteam
commented
6 years ago torx.cat works this way ;)
ViperCode7
commented
6 years ago When it works... for me it doesn't and peerflix-server is more popular, way way more sites with it.
For example if i share the url anyone can delete stop my torrents, is there any way to create per user or ip or session id like http://someip.org:9000/#session_id/ so only those with session id can manage and see thier torrents?
THX!