@ruihildt it’s not about not wanting to. It’s about how far to go and I’ve opened up that discussion.
I have already put some antibot measures in some places. Adding some additional rate-limiting this evening.
I am very open to discussing how much further to go.
If you have any specific suggestions, I will gladly implement them (working on a 1-time authorisation, but frankly 2FA handles that much better anyway).
I agree it’s not ideal, but I don’t feel it’s that risky.
It uses exactly the same security that Cloudron uses.
So if it is insecure, then by definition Cloudron is insecure.
As always, all Cloudron users should:
- have secure long passwords
- use 2FA
- ideally follow the recommendation to create a dedicated special purpose user and change its password after each use.
No login creds are stored - code is open for inspection to confirm that.
My clear preference is for this app to be in the AppStore so I can take down my site.
If the Cloudron community prefer this to be taken down or locked down further, I will happily do so.
The app and the site are just a response to the 100s of requests for an easier way to add apps.