fraction / oasis

Free, open-source, peer-to-peer social application that helps you follow friends and discover new ones on Secure Scuttlebutt (SSB).
http://oasis-demo.fraction.io
GNU Affero General Public License v3.0

proposal for basic authentication #297

Open seekr opened 4 years ago

seekr commented 4 years ago

What's the problem you want solved?

I wanted to host Oasis on a remote server while restricting access to it to myself. Right now, I could run it in --public mode, but I wouldn't be able to post either. Temporarily making it non --public could work, but it would leave the system vulnerable during that time.

Is there a solution you'd like to recommend?

For now, I think Basic Authentication could work to protect publicly available Oasis instances (password stored in a config file?). In the future maybe we can have an access management section in Settings.

What version or commit of Oasis are you using?

commit 15417422a48ad57b39e088ae088dbfaee648e354

christianbundy commented 4 years ago

I think we'd also need HTTPS working for this, since otherwise we'd be sending the password (and all data) in plaintext. I've experimented with Site.js in this branch but haven't configured it with a hostname yet.
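The proposal above (a Basic Authentication password kept in a config file) combined with the HTTPS requirement raised in this reply, as an added example that is not Oasis code and not part of any comment in this thread. The request and config object shapes, the function names and the `oasis` realm are assumptions, and the config holds a scrypt hash rather than the password itself.

```javascript
"use strict";
const crypto = require("node:crypto");

// Produce the "salt:hash" (hex) string to keep in the config file instead of
// the plaintext password.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  const hash = crypto.scryptSync(password, salt, 32);
  return `${salt.toString("hex")}:${hash.toString("hex")}`;
}

// Parse "Basic <base64(user:password)>" (RFC 7617); null if malformed.
function parseBasicAuth(header) {
  const m = /^Basic +([A-Za-z0-9+/]+=*)$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":"); // only the first ':' separates; passwords may contain ':'
  if (sep === -1) return null;
  return { user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Constant-time string comparison; hashing first equalises the lengths.
function safeEqual(a, b) {
  const h = (s) => crypto.createHash("sha256").update(s).digest();
  return crypto.timingSafeEqual(h(a), h(b));
}

const CHALLENGE = { "WWW-Authenticate": 'Basic realm="oasis", charset="UTF-8"' };

// req: hypothetical { secure: boolean, headers: { authorization?: string } }
// config: hypothetical { user, passwordHash } loaded from the config file
function checkRequest(req, config) {
  // Basic auth is only base64-encoded, so refuse it outright without TLS.
  if (!req.secure) return { status: 403, headers: {} };
  const creds = parseBasicAuth(req.headers.authorization);
  if (!creds) return { status: 401, headers: CHALLENGE };
  const [saltHex, hashHex] = config.passwordHash.split(":");
  const expected = Buffer.from(hashHex, "hex");
  const actual = crypto.scryptSync(creds.password, Buffer.from(saltHex, "hex"), expected.length);
  // Evaluate both checks before combining so a wrong user costs the same as a wrong password.
  const userOk = safeEqual(creds.user, config.user);
  const passOk = crypto.timingSafeEqual(actual, expected);
  return userOk && passOk ? { status: 200, headers: {} } : { status: 401, headers: CHALLENGE };
}
```

A web framework middleware would call `checkRequest` before any route handler and send the returned status and headers whenever the status is not 200.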

georgeowell commented 4 years ago

I think we should be wary of people using Oasis remotely unless they know what they are doing. I think it would be cool to access Oasis remotely via a Tor onion service or over SSH.