cathery / sys-ftpd

Nintendo Switch FTP server as a background service (sysmodule)
GNU General Public License v3.0

Suggestion: Each time sys-ftpd is enabled, set a nonce as default password #12

Closed fullmetal1 closed 4 years ago

fullmetal1 commented 4 years ago

Some of the people in the Switch LAN play servers have been getting hacked and having their SD card data deleted, or other files added to their SD cards because their ftpd was enabled while they were using LAN play.

A nonce password accessible through the Switch GUI (possibly an overlay) would fix the problem, without requiring additional user setup. (The homebrew app store routinely deletes custom config files as well, requiring passwords be reset every update.)

cathery commented 4 years ago

I'm not sure what the optimal solution to this problem would be. A nonce password requires that a GUI app is developed, and is also cumbersome. I'd like to implement Defender0fHyrule's idea from #13, where anonymous connection is disabled by default, and the sysmodule will reject all connections unless both login and password are set. Would you be okay with that?

fullmetal1 commented 4 years ago

Both solutions are nearly equally as secure for the end user. Mine is (imo) a bit more elegant (and the rotating password is technically more secure), but if it's too much work for the minor gains, something like what DefenderOfHyrule suggested is a perfectly functional solution.
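
The fail-closed default discussed in this thread (anonymous off by default, every login rejected unless both a user name and a password are configured), as an added example that is not sys-ftpd's code and not part of any comment above. The struct, field names, enum values and function names are hypothetical, and the sample credentials are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical config; field names are assumptions, not sys-ftpd's own. */
struct ftp_auth_cfg {
    const char *user;     /* NULL or "" means not set */
    const char *pass;     /* NULL or "" means not set */
    int allow_anonymous;  /* 0 unless the user explicitly opts in */
};

enum ftp_auth_result { AUTH_OK, AUTH_BAD_CREDENTIALS, AUTH_SERVICE_LOCKED };

static int is_set(const char *s) { return s != NULL && s[0] != '\0'; }

/* Compare without stopping at the first mismatch; the loop length depends
   only on the supplied string, not on where it differs from the secret. */
static int ct_equal(const char *supplied, const char *secret) {
    size_t la = strlen(supplied), lb = strlen(secret);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la; i++)
        diff |= (unsigned char)(supplied[i] ^ secret[lb ? i % lb : 0]);
    return diff == 0;
}

enum ftp_auth_result ftp_auth_check(const struct ftp_auth_cfg *cfg,
                                    const char *user, const char *pass) {
    int have_creds = is_set(cfg->user) && is_set(cfg->pass);
    /* Fail closed: a missing or half-filled config (for example after an
       update wiped it) locks the service instead of opening it. */
    if (!have_creds && !cfg->allow_anonymous)
        return AUTH_SERVICE_LOCKED;
    if (!is_set(user)) return AUTH_BAD_CREDENTIALS;
    if (cfg->allow_anonymous && strcmp(user, "anonymous") == 0)
        return AUTH_OK;
    if (!have_creds || pass == NULL)
        return AUTH_BAD_CREDENTIALS;
    /* Evaluate both comparisons so a bad user and a bad password look alike. */
    int ok = ct_equal(user, cfg->user) & ct_equal(pass, cfg->pass);
    return ok ? AUTH_OK : AUTH_BAD_CREDENTIALS;
}

int main(void) {
    struct ftp_auth_cfg unset = {NULL, NULL, 0};        /* constructed */
    struct ftp_auth_cfg set = {"admin", "s3cret", 0};   /* constructed */
    printf("unset config, anonymous login: %d\n", ftp_auth_check(&unset, "anonymous", ""));
    printf("set config, correct login:     %d\n", ftp_auth_check(&set, "admin", "s3cret"));
    return 0;
}
```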