This repository has been archived by the owner on Oct 22, 2021. It is now read-only.
Security of the terminal #1037
-
How secure is using the terminals on a websocket port? Is there a way websites could try connecting to one of the used ports and get terminal access? |
Beta Was this translation helpful? Give feedback.
Answered by
GitSquared
Feb 13, 2021
Replies: 1 comment 1 reply
-
In theory, yes, a malicious website could connect to edex's internal websocket connection via client-side javascript, and get terminal access. |
Beta Was this translation helpful? Give feedback.
1 reply
Answer selected by
danbulant
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In theory, yes, a malicious website could connect to edex's internal websocket connection via client-side javascript, and get terminal access.
In practice however, the internal websocket server only accepts one connection so the website has very limited time to try to connect before edex's own frontend does.