Open ePirat opened 8 years ago
I'm glad people are reviewing the web server interface.
Please explain why /httpreadurl is a security issue. What's the exposure?
The range of issues this can cause is huge; you might want to read up on CORS and why it is important. Additionally, allowing everything to be proxied through someone's server isn't a good idea: for example, someone could download illegal resources through someone's server this way, or cause the server to download very big files and this way take up a lot of server memory and bandwidth.
The nodeStorage server has an endpoint /httpreadurl which allows proxying everything through the server where it is installed, which can be a big security problem. This endpoint should be removed or at least properly secured.
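One way an endpoint like /httpreadurl could be "properly secured", shown as an added example that is not code from nodeStorage or from anyone in this thread: validate the requested target against a host allowlist before fetching, and cap the response size while streaming. The function names, the allowlisted hosts and the 1 MiB cap are assumptions made for illustration.

```javascript
// Added example: checks a hardened /httpreadurl-style handler could apply.
// ALLOWED_HOSTS and MAX_BYTES are assumed, constructed values.
const ALLOWED_HOSTS = new Set(["feeds.example.com", "static.example.org"]);
const MAX_BYTES = 1024 * 1024; // assumed 1 MiB cap on any proxied response

// Decide whether a requested target may be fetched at all.
// Returns { ok: true, url } or { ok: false, reason }.
function checkProxyTarget(rawUrl, allowedHosts = ALLOWED_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: "scheme not allowed" };
  }
  // Reject user:pass@host forms so the host check cannot be misread.
  if (url.username || url.password) {
    return { ok: false, reason: "credentials in URL" };
  }
  // URL lowercases the hostname, so an exact set lookup is sufficient.
  if (!allowedHosts.has(url.hostname)) {
    return { ok: false, reason: "host not on allowlist" };
  }
  return { ok: true, url: url.href };
}

// Count body bytes as chunks arrive and throw once the cap is exceeded,
// so the handler can abort the upstream request instead of buffering it.
function makeSizeLimiter(maxBytes = MAX_BYTES) {
  let total = 0;
  return function accept(chunk) {
    total += chunk.length;
    if (total > maxBytes) {
      throw new Error("response exceeds " + maxBytes + " bytes");
    }
    return total;
  };
}
```

A handler using these checks would also need to run checkProxyTarget again on every redirect target, since the upstream server chooses where a redirect points.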