martinhoefling
commented
4 years ago gopassbridge is not vulnerable against portscanning as it is not opening any ports on gopass side. It's purely using native messaging to communicate with gopass.
Closed jerger closed 4 years ago
martinhoefling
commented
4 years ago gopassbridge is not vulnerable against portscanning as it is not opening any ports on gopass side. It's purely using native messaging to communicate with gopass.
jerger
commented
4 years ago cool :-)
If I know right, gopassbridge uses a localhost-webservice to talk to gopass.
As I read https://nullsweep.com/why-is-this-website-port-scanning-me/ I asked myself whether portscanners can detect my localhost gopass webservice and how this connection is secured against evil websites ...
Do you have some kind of threat-analysis done? Is there sth. I can read about your considerations?