psi-jack/0x0
1
0
Fork 0
mirror of https://git.0x0.st/mia/0x0.git synced 2024-11-09 11:48:59 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

README: Warn users about URL fetch network security implications

Browse source
This commit is contained in:
Mia Herkt 2022-08-19 22:27:29 +02:00
parent c7a728ce84
commit afb5811879
No known key found for this signature in database
GPG key ID: 72E154B8622EC191
1 changed files with 14 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
README.rst
View file

@ -42,3 +42,17 @@ the following:
* Caffe Python module (built for Python 3) * Caffe Python module (built for Python 3)
* ``ffmpegthumbnailer`` executable in ``$PATH`` * ``ffmpegthumbnailer`` executable in ``$PATH``
Network Security Considerations
-------------------------------
Keep in mind that 0x0 can fetch files from URLs. This includes your local
network! You should take precautions so that this feature cannot be abused.
0x0 does not (yet) have a way to filter remote URLs, but on Linux, you can
use firewall rules and/or namespaces. This is less error-prone anyway.
For instance, if you are using the excellent `FireHOL <https://firehol.org/>`_,
its very easy to create a group on your system and use it as a condition
in your firewall rules. You would then run the application server under that
group.