Project

General

Profile

« Previous | Next » 

Revision 8734

web/links/index.htm: BitTorrent Sync: security warning about data leak: added link to reported bug at http://forum.bittorrent.com/topic/18612-security-hole-in-linux-webui-makes-all-your-files-publicly-accessible/ . updated workaround instructions.

View differences:

index.htm
125 125
        <DT><H3 ADD_DATE="1367306535">BitTorrent Sync</H3>
126 126
<DD>page's description: -
127 127

  
128
SECURITY WARNING: running btsync on Linux will by default create a *publicly-accessible, unprotected* WebUI, allowing anyone on the web to create a sync folder to view and edit any of your files. to avoid this, always run btsync with a config file which sets a password on the WebUI. if you have already run btsync, run `killall btsync` to turn off the WebUI.
128
SECURITY WARNING: Running btsync on Linux will by default create a *publicly-accessible, unprotected* WebUI, allowing anyone on the web to create a sync folder to view and edit files your files (i.e. files in directories writable by you).
129
A temporary workaround is to run `killall btsync` to turn off the WebUI, and then use --config with a config file that sets webui &gt; password to a secure password. You can use `lsof -i` to verify that the WebUI is not running.
130
This bug has been reported at http://forum.bittorrent.com/topic/18612-security-hole-in-linux-webui-makes-all-your-files-publicly-accessible/ .
129 131
</DD>
130 132
        <DL><p>
131 133
            <DT><H3 ADD_DATE="1367351751">WebUI</H3>

Also available in: Unified diff