Security of the terminal #1037
-
|
How secure is using the terminals on a websocket port? Is there a way websites could try connecting to one of the used ports and get terminal access? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
In theory, yes, a malicious website could connect to edex's internal websocket connection via client-side javascript, and get terminal access. |
Beta Was this translation helpful? Give feedback.
-
|
Oh thanks, it was just something that crossed my mind when I was looking at the source. |
Beta Was this translation helpful? Give feedback.
In theory, yes, a malicious website could connect to edex's internal websocket connection via client-side javascript, and get terminal access.
In practice however, the internal websocket server only accepts one connection so the website has very limited time to try to connect before edex's own frontend does.