From afb581187981b56d29e7b11c15c5fce08c0899a6 Mon Sep 17 00:00:00 2001 From: Mia Herkt Date: Fri, 19 Aug 2022 22:27:29 +0200 Subject: [PATCH] README: Warn users about URL fetch network security implications --- README.rst | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/README.rst b/README.rst index 8b6cab5..f5270e4 100644 --- a/README.rst +++ b/README.rst @@ -42,3 +42,17 @@ the following: * Caffe Python module (built for Python 3) * ``ffmpegthumbnailer`` executable in ``$PATH`` + + +Network Security Considerations +------------------------------- + +Keep in mind that 0x0 can fetch files from URLs. This includes your local +network! You should take precautions so that this feature cannot be abused. +0x0 does not (yet) have a way to filter remote URLs, but on Linux, you can +use firewall rules and/or namespaces. This is less error-prone anyway. + +For instance, if you are using the excellent `FireHOL `_, +it’s very easy to create a group on your system and use it as a condition +in your firewall rules. You would then run the application server under that +group.
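Review bot: The second paragraph of the new "Network Security Considerations" section says to use a group as a condition in firewall rules but never states what those rules should deny, so an operator can follow it and still leave the local network reachable from the URL fetch feature. Suggest adding one sentence saying that outbound connections from the application server's group to loopback, private and link-local address ranges should be rejected, with everything else allowed as needed. In the first paragraph, "on Linux, you can use firewall rules and/or namespaces" leaves operators on other platforms without any guidance, and "This is less error-prone anyway" gives no reason; a short clause explaining why network-level filtering is preferred over URL filtering in the application would make the recommendation easier to act on. Minor: the FireHOL reference as shown here has no link target between the backticks.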