Revision 8734
Added by Aaron Marcuse-Kubitza over 11 years ago
index.htm | ||
---|---|---|
125 | 125 |
<DT><H3 ADD_DATE="1367306535">BitTorrent Sync</H3> |
126 | 126 |
<DD>page's description: - |
127 | 127 |
|
128 |
SECURITY WARNING: running btsync on Linux will by default create a *publicly-accessible, unprotected* WebUI, allowing anyone on the web to create a sync folder to view and edit any of your files. to avoid this, always run btsync with a config file which sets a password on the WebUI. if you have already run btsync, run `killall btsync` to turn off the WebUI. |
|
128 |
SECURITY WARNING: Running btsync on Linux will by default create a *publicly-accessible, unprotected* WebUI, allowing anyone on the web to create a sync folder to view and edit files your files (i.e. files in directories writable by you). |
|
129 |
A temporary workaround is to run `killall btsync` to turn off the WebUI, and then use --config with a config file that sets webui > password to a secure password. You can use `lsof -i` to verify that the WebUI is not running. |
|
130 |
This bug has been reported at http://forum.bittorrent.com/topic/18612-security-hole-in-linux-webui-makes-all-your-files-publicly-accessible/ . |
|
129 | 131 |
</DD> |
130 | 132 |
<DL><p> |
131 | 133 |
<DT><H3 ADD_DATE="1367351751">WebUI</H3> |
Also available in: Unified diff
web/links/index.htm: BitTorrent Sync: security warning about data leak: added link to reported bug at http://forum.bittorrent.com/topic/18612-security-hole-in-linux-webui-makes-all-your-files-publicly-accessible/ . updated workaround instructions.