[Security issue]: Password bruteforcing #195
Comments
Would be pretty cool. The only thing I'm not sure about is:
You have a good point actually. So if a user explicitly wants to enable such a feature, they should be aware of the possible implications and/or drawbacks for doing so. In any case, I just listed a few ideas that came to mind while writing up about the issue, so I'm sure there are better alternatives :)
I disagree with enforcing password policies. Fail2ban sounds like a better implementation.
Again, no enforcing. Everything listed under the suggested features should be optional features. It should NOT be the default.
Observed issue:
From the tests I've been conducting, it is fairly easy to bruteforce the password that's been set on a shared file, as the current implementation of Send doesn't prevent the user from trying incorrect passwords indefinitely without any restrictions.
Suggested security features:
Final note:
Ideally, this could be all optional features that can be selected when uploading the file. This way, people who don't want to add extra security don't have to.
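An added example, not part of the issue and not Send's own code: an opt-in, per-file limiter that locks password attempts after repeated failures, doubling the lock each time. The names `AttemptLimiter`, `attemptDownload`, `maxFailures`, `baseLockMs` and `maxLockMs` are hypothetical, and the password check is assumed to be reduced to a boolean; because the counter is keyed per file, a lock also blocks the legitimate recipient until it expires.

```javascript
// Added example: optional per-file failed-password limiter with exponential lockout.
// All names and default values here are hypothetical, not taken from Send.
class AttemptLimiter {
  constructor({ maxFailures = 5, baseLockMs = 30000, maxLockMs = 3600000 } = {}) {
    this.maxFailures = maxFailures; // failures allowed before a lock is applied
    this.baseLockMs = baseLockMs;   // duration of the first lock
    this.maxLockMs = maxLockMs;     // upper bound on any single lock
    this.state = new Map();         // fileId -> { failures, lockedUntil, lockouts }
  }

  // Is an attempt against this file permitted at time `now` (ms)?
  check(fileId, now) {
    const s = this.state.get(fileId);
    if (s && s.lockedUntil > now) {
      return { allowed: false, retryAfterMs: s.lockedUntil - now };
    }
    return { allowed: true, retryAfterMs: 0 };
  }

  // Count a wrong password; lock the file once the threshold is reached.
  recordFailure(fileId, now) {
    const s = this.state.get(fileId) || { failures: 0, lockedUntil: 0, lockouts: 0 };
    s.failures += 1;
    if (s.failures >= this.maxFailures) {
      const lockMs = Math.min(this.baseLockMs * 2 ** s.lockouts, this.maxLockMs);
      s.lockedUntil = now + lockMs;
      s.lockouts += 1; // the next lock lasts twice as long
      s.failures = 0;
    }
    this.state.set(fileId, s);
  }

  // A correct password clears the file's history.
  recordSuccess(fileId) {
    this.state.delete(fileId);
  }
}

// Gate one password attempt. `limiter` is null when the uploader did not opt in,
// which leaves attempts unrestricted. `passwordOk` is the assumed verification result.
function attemptDownload(limiter, fileId, passwordOk, now = Date.now()) {
  if (limiter) {
    const gate = limiter.check(fileId, now);
    if (!gate.allowed) return { status: 429, retryAfterMs: gate.retryAfterMs };
  }
  if (passwordOk) {
    if (limiter) limiter.recordSuccess(fileId);
    return { status: 200, retryAfterMs: 0 };
  }
  if (limiter) limiter.recordFailure(fileId, now);
  return { status: 401, retryAfterMs: 0 };
}
```

The locked branch returns before the password is evaluated, so a locked file gives no signal about whether a guess was correct.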