README: Warn users about URL fetch network security implications

Mia Herkt 2022-08-19 22:27:29 +02:00
parent c7a728ce84
commit afb5811879
No known key found for this signature in database
GPG key ID: 72E154B8622EC191

@ -42,3 +42,17 @@ the following:
* Caffe Python module (built for Python 3) * Caffe Python module (built for Python 3)
* ``ffmpegthumbnailer`` executable in ``$PATH`` * ``ffmpegthumbnailer`` executable in ``$PATH``
Network Security Considerations
-------------------------------
Keep in mind that 0x0 can fetch files from URLs. This includes your local
network! You should take precautions so that this feature cannot be abused.
0x0 does not (yet) have a way to filter remote URLs, but on Linux, you can
use firewall rules and/or namespaces. This is less error-prone anyway.
For instance, if you are using the excellent `FireHOL <https://firehol.org/>`_,
its very easy to create a group on your system and use it as a condition
in your firewall rules. You would then run the application server under that
group.
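
Review bot: The new "Network Security Considerations" section tells operators to guard against fetches from "your local network" but never says which destinations the firewall rules should deny, so a reader can follow the advice and still leave loopback or link-local services reachable from the application server. Consider naming the ranges to block (loopback, private and link-local addresses) and adding a short sample rule for the group-based FireHOL setup described in the last paragraph, since the text currently only describes it. It would also help to state that the rules need to apply to outbound traffic from the group the application server runs under, and that nothing else should share that group. Minor: "its very easy" should be "it's very easy".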