forked from mia/0x0
README: Warn users about URL fetch network security implications
This commit is contained in:
parent
c7a728ce84
commit
afb5811879
1 changed files with 14 additions and 0 deletions
14
README.rst
14
README.rst
|
@ -42,3 +42,17 @@ the following:
|
||||||
|
|
||||||
* Caffe Python module (built for Python 3)
|
* Caffe Python module (built for Python 3)
|
||||||
* ``ffmpegthumbnailer`` executable in ``$PATH``
|
* ``ffmpegthumbnailer`` executable in ``$PATH``
|
||||||
|
|
||||||
|
|
||||||
|
Network Security Considerations
|
||||||
|
-------------------------------
|
||||||
|
|
||||||
|
Keep in mind that 0x0 can fetch files from URLs. This includes your local
|
||||||
|
network! You should take precautions so that this feature cannot be abused.
|
||||||
|
0x0 does not (yet) have a way to filter remote URLs, but on Linux, you can
|
||||||
|
use firewall rules and/or namespaces. This is less error-prone anyway.
|
||||||
|
|
||||||
|
For instance, if you are using the excellent `FireHOL <https://firehol.org/>`_,
|
||||||
|
it’s very easy to create a group on your system and use it as a condition
|
||||||
|
in your firewall rules. You would then run the application server under that
|
||||||
|
group.
|
||||||
|
|
Loading…
Reference in a new issue