Closed hungry-bogart closed 8 months ago
You can add the PSITRANSFER_UPLOAD_PASS env variable, this makes you enter a password before you can upload a file. Downloads are unimpacted.
I tried this out. Thanks for the answer. Feel free to close. Everyone I've showed this to loves it. It's great for CTFs when you're working with a team. Not sure if that was the intended use, but hey.
Hi,
I recently started self-hosting this via Docker and I really like how simple it is to use. I did have questions about whether or not the uploads could be abused or not.
If there's an issue that answers this please point me in that direction. I'm just thinking if someone decided to enumerate my domain name and they found this app could they just upload whatever they want to it?
I'll probably put this app behind some sort of auth like Authelia or whatever, but I just thought I'd ask. Great job with this btw.