I have a small home server that runs qBittorrent in a Docker container, and I was wondering how bad/risky it is if I'd forward the port for the web UI so I can access it from outside my network. I know that it's not wise to open ports mindlessly, but since the web UI needs a username and password to actually access the interface I thought it would make it harder for someone to wreak havoc on my machine/network. Or is it still easy to access other parts of my network even if the site behind the port needs authentication?

Why does qBittorrent need cookies while other clients don't (or they do but don't allow the user to manage them)?

The uTorrent webui uses basic auth for authentication, which means the username + password are sent in the Authorization header of every request. A cookie isn't required because the credentials are explicitly included. While this is an effective method and secure over https, it also means the user is required to enter their credentials into the browser's archaic dialog box (there's no ability to provide a custom login page with basic auth).

qBittorrent takes an approach that's a bit more common among login pages on the internet. After you successfully authenticate on the login page, qBittorrent sends your browser a cookie containing a unique, random id. Your browser sends this cookie back to qBittorrent on all subsequent requests to identify/tag those requests as belonging to you. Without providing your session id, qBittorrent would have no way of knowing that the request was coming from you and not some unauthenticated third party.

Unfortunately there's no way to disable qBittorrent's SID cookie. Without it, authentication simply wouldn't function. Though I don't entirely understand why you'd want to, or what the privacy implications are believed to be.
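The two schemes described above, modelled from the server's side as an added example; this is not qBittorrent's or uTorrent's code, and the function names, the credentials and the cookie attributes are assumptions made for the illustration:

```python
import base64
import hmac
import secrets
from http.cookies import CookieError, SimpleCookie

USERS = {"admin": "correct horse battery staple"}  # constructed demo credentials
SESSIONS = {}  # server-side map: session id -> username


def check_password(user, password):
    expected = USERS.get(user)
    # compare_digest avoids leaking how much of the password matched via timing
    return expected is not None and hmac.compare_digest(
        expected.encode(), password.encode())


def basic_auth_user(headers):
    """Basic auth: the credentials travel in the Authorization header of every request."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # malformed base64 or non-UTF-8 bytes
        return None
    user, sep, password = decoded.partition(":")
    return user if sep and check_password(user, password) else None


def login(user, password):
    """Cookie scheme: the password is sent once and the reply sets a random SID."""
    if not check_password(user, password):
        return None
    sid = secrets.token_urlsafe(32)  # unguessable, carries no credential material
    SESSIONS[sid] = user
    # HttpOnly and SameSite are hardening choices assumed for this example
    return {"Set-Cookie": f"SID={sid}; HttpOnly; SameSite=Strict; Path=/"}


def cookie_user(headers):
    """Later requests are tied to a user only by the SID the browser sends back."""
    try:
        jar = SimpleCookie(headers.get("Cookie", ""))
    except CookieError:
        return None
    sid = jar["SID"].value if "SID" in jar else ""
    return SESSIONS.get(sid)  # no SID, or an unknown one, means unauthenticated
```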