diachedelic / capacitor-blob-writer

Capacitor plugin to write binary data to the filesystem
MIT License
132 stars 17 forks source link

ios: reject unauthorized requests BEFORE temp file is written #12

Open diachedelic opened 4 years ago

diachedelic commented 4 years ago

Pending https://github.com/swisspol/GCDWebServer/issues/479

If an attacker on the local network found the port of GCDWebServer, they could potentially write a bunch of temp data to disk (although it would be deleted immediately and would have no affect on data in the app's sandbox). Better safe than sorry though.

diachedelic commented 4 years ago

Update: iOS now hosts the server on localhost, so the attack would have to be coming from the device itself.