Implement DSM authentication in CGIs #19
Comments
Which CGI are you talking about? If it's for sabnzbd+ and Co, it seems to me to be useless, as anyone can use the real URL anyway. And this one is documented in the package manager.
Yes, indeed, that's why I said "Not a big issue because it is just a redirect most of the time though". Anyway, for other CGIs, this has to be done. If you know a Python way to trigger DSM auth, that could be useful. Haven't looked into it yet. Also, I've seen that we can now make a user an administrator (DSM 3.2 feature? 3.1?), which means that for admin-only packages we have to take that into account, not just reject a request if user != "admin" like in the old days.
This is a tricky issue... This kind of security should be handled by DSM itself. I'll open a ticket with Synology.
Security is provided by a Python module I made: https://github.com/SynoCommunity/spksrc/blob/develop/spk/haproxy/src/app/application/auth.py
…update-fix-x265-ppc853x-4.3 Fix x265 for ppc853x-4.3 build
Like here: https://github.com/Diaoul/syno-packager/blob/master/src/SABnzbd/target/share/3rdparty/index.cgi
Because the link is available to everyone, even those not authenticated to DSM.
Not a big issue because it is just a redirect most of the time, though.
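An added sketch of the check discussed in this thread (not the linked auth.py and not project code): the CGI resolves the request's DSM session to a user and, for admin-only packages, tests membership of the administrators group instead of comparing against "admin" alone. The helper path, the group name, the redirect target and all function names are assumptions, not taken from this page.

```python
import grp
import os
import subprocess

# Assumption: DSM's session-checking helper lives at this path.
AUTHENTICATE_CGI = "/usr/syno/synoman/webman/modules/authenticate.cgi"
ADMIN_GROUP = "administrators"  # assumption: name of DSM's admin group


def dsm_user(environ, helper=AUTHENTICATE_CGI):
    """Return the DSM user owning the request's session, or None."""
    # Hand the helper only the request data it needs, not the whole environment.
    env = {k: environ[k] for k in ("HTTP_COOKIE", "REMOTE_ADDR") if k in environ}
    try:
        out = subprocess.run([helper], env=env, capture_output=True,
                             text=True, timeout=5, check=True).stdout
    except (OSError, subprocess.SubprocessError):
        return None  # fail closed: no helper, error or timeout means no user
    return out.strip() or None


def admin_members(group=ADMIN_GROUP):
    """Users listed as members of the admin group (empty if it is missing)."""
    try:
        return set(grp.getgrnam(group).gr_mem)
    except KeyError:
        return set()


def authorize(environ, admin_only=False, whoami=dsm_user, admins=admin_members):
    """Return (HTTP status, user) for this request."""
    user = whoami(environ)
    if user is None:
        return 401, None
    # Delegated administrators must pass too, so check the group as well.
    if admin_only and user != "admin" and user not in admins():
        return 403, user
    return 200, user


def main():
    status, _user = authorize(os.environ, admin_only=True)
    if status != 200:
        print("Status: %d\nContent-Type: text/plain\n\nAccess denied" % status)
        return
    # Placeholder target; a real index.cgi would redirect to the package UI.
    print("Status: 302 Found\nLocation: /placeholder-package-url/\n")


if __name__ == "__main__":
    main()
```

As noted in the thread, gating only the redirect CGI does not protect a backend that is still reachable at its real URL.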