Comment on introducing copyparty, the FOSS file server
perishthethought@piefed.social 1 week ago
The fact you mention security features, without ever saying it's 'super secure' tells me you know a lot about what you're doing. I'm so sick of apps like this that start with "most secure app on the net" but you know they're delusional. Thank you, going to check this out.
tripflag@lemmy.world 1 week ago
so uhh, sorry for the late response to this – was going to reply much earlier, but then suddenly it became more timely than ever…
the good news is, I’m fairly confident in how it handles the filesystem and permissions, preventing unauthorized access to files.
but the part I’m a bit less sure about is sanitizing user data; the kind of vulnerabilities where someone uploads a malicious file and bad stuff happens if you then open that file in a certain way, or someone sends you a malicious link and tricks you into clicking it – in other words, the kind of vulnerabilities which require the attacker to have a certain level of access already, or that require tricking you into doing something.
…and with version 1.18.5 released just now, we got a prime example of exactly one of those. Really unfortunate timing, but it’s a blessing to have so many new and curious eyes on it to spot these sooner rather than later. It is what it is.