Enhancement: Do not expose custom endpoints to all users by default #3797
Replies: 1 comment 4 replies
-
At the moment, this is the point of having the config, to provide the configurable options to all users. There are role access based features already in the works, and as I discuss below, already many measures you can take.
This is possible, if you set the API key to https://www.librechat.ai/docs/configuration/librechat_yaml/object_structure/custom_endpoint#apikey On top of this, you can use many limiters offered by the automated moderation system:
I'm sorry to hear this, for this reason you should always use the |
Beta Was this translation helpful? Give feedback.
-
|
The issue is that the documentation does not contain a note about this. I understand the purpose of customizability, but it wouldn't hurt to just add a little reminder to the current documentation, as you have already done to several other locations in the documentation, that it exposes the endpoint to all users. By default, none of those configurations to prevent this were enabled, and to me that it that is contributing to a problem. I hadn't even been aware that it was possible to customize user-inputted API keys since additional configuration is mentioned in a small note. You can't do anything about that -- people will miss important information no matter what you do -- but I think it's important to give people a small peace of mind that the defaults are reasonably secure. |
Beta Was this translation helpful? Give feedback.
-
|
Feel free to make a contribution to the docs: https://github.com/LibreChat-AI/librechat.ai If you feel like there's a specific place on the website where this can be made more apparent, there's usually an "edit this page" link. I do feel these things are documented but it can always be improved, especially if you can pinpoint where exactly it's lacking. Likely a better note here? |
Beta Was this translation helpful? Give feedback.
-
|
That sounds reasonable to me, I'll take a look when I have time. |
Beta Was this translation helpful? Give feedback.
-
|
Maybe we could add "user_provided" as the default value in the
|
Beta Was this translation helpful? Give feedback.
-
What features would you like to see added?
Currently, LibreChat's documentation advises users to setup custom endpoints in such a way that any user is able to utilize the API key for that endpoint. This is not mentioned in the documentation, and allows malicious users to take advantage of vulnerable servers by creating new accounts and using the endpoint without further authentication required.
The default behavior should be that only the admin account is able to utilize the custom endpoint and it would require an explicit opt-in to enable it for all users. Or alternatively, suggest an option that allows users to insert their own API keys. The documentation should further highlight this as a security concern.
More details
I forgot about a server that I was testing setting up an OpenRouter endpoint on and forgot to disable registration and put it behind a proxy. This allowed people to iterate through all domains, find my LibreChat one, and create an account to use the endpoint. In this case, I only lost $5, but it could have been a big issue if I had more money or enabled auto-refill. The existence of this kind of behavior (I recorded there may be 3 different services hijacking my server) implies that this is a widespread vulnerability.
Which components are impacted by your request?
Endpoints
Pictures
No response
Code of Conduct
Beta Was this translation helpful? Give feedback.
All reactions