Cloudron Forum

Potential Security Concern / Feature Request

7 Posts 3 Posters 357 Views
  • murgero (App Dev) wrote (#1):

    I know surfer is supposed to be a simple app, but would it be possible for the app to be configured in such a way that it would not serve out files or full directories that start with "."?

    Examples would be:

    • .git
    • .htaccess (I know these aren't used here, but for example's sake)

    I wanted to sync my surfer app with a git repo for ease of updating and it serves the .git folder. Not a huge risk but the config file in there can hold some sensitive information in some cases.

    --
    https://urgero.org
    ~ Professional Nerd. Freelance Programmer. ~
    Matrix: @murgero:urgero.org

  • nebulon (Staff) wrote (#2):

    It sounds a bit like you have some workflow or specific use case in mind when you talk about syncing a git repo. Can you maybe describe what your plan is? Then maybe there is a better solution than hiding files based on some rules. We can add this to surfer, but I guess this needs to be configurable then for other regular file serving usage.

  • murgero (App Dev) replied to nebulon (#3):

    @nebulon Yeah, it is pretty specific I suppose. Maybe allowing the admin to select folders/files to be hidden from public view is the best option then instead. My use case is that I am using a non-public git repo to publish to my site but also keep track of changes. I am sure I'm not the only one using surfer in this way, but I also know that it's a niche request. I'd be more than happy to clone surfer, add the feature, and submit a PR if that better suits Cloudron staff.

    --
    https://urgero.org
    ~ Professional Nerd. Freelance Programmer. ~
    Matrix: @murgero:urgero.org

  • jdaviescoates replied to murgero (#4):

    @murgero There could also just be an option to show/hide hidden files (i.e. those that start with .) like on desktop file browsers?

    I use Cloudron with Gandi & Hetzner

  • nebulon (Staff) replied to murgero (#5):

    @murgero to take a step back, why are you pushing the .git folder in the first place, if you don't want to have things public? I feel like you could just not do that instead, no? Maybe I don't fully get the flow you are using there.

  • murgero (App Dev) replied to nebulon, last edited by murgero (#6):

    @nebulon I am logging into my cloudron instance -> app -> terminal -> cd public -> git fetch && git pull directly in the app - that's how the folder gets there.

    @jdaviescoates - Hidden folders in surfer still get served up.

    To be clear I am NOT copying a git repo over webdav or ftp here, I am using git clone / git pull directly on the app...

    --
    https://urgero.org
    ~ Professional Nerd. Freelance Programmer. ~
    Matrix: @murgero:urgero.org

  • jdaviescoates replied to murgero (#7):

    @murgero said in Potential Security Concern / Feature Request:

        @jdaviescoates - Hidden folders in surfer still get served up.

    I know. I was suggesting that perhaps Surfer could have an option for them not to be.

    I use Cloudron with Gandi & Hetzner
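
One way the option discussed in this thread could work, as an added example that is not part of the thread and not Surfer's code: a path check that refuses any request containing a dot-prefixed segment, including percent-encoded forms, and that fails closed on malformed input. The function names and the `.well-known` exception are assumptions.

```javascript
// Added example; not Surfer's code. Function and constant names are hypothetical.

// Dot-prefixed names that stay reachable (assumption: the site needs
// /.well-known/ for things like ACME challenges or security.txt).
const ALLOWED_DOT_SEGMENTS = new Set(['.well-known']);

// True when any path segment starts with "." after percent-decoding.
function isHiddenPath(rawUrl, allowed = ALLOWED_DOT_SEGMENTS) {
  const pathOnly = rawUrl.split(/[?#]/, 1)[0];
  let decoded;
  try {
    decoded = decodeURIComponent(pathOnly); // "%2Egit" -> ".git", "%2F" -> "/"
  } catch (err) {
    return true; // malformed escape such as "%zz": fail closed
  }
  // Split on "/" and "\" so "\.git" is caught as well. "." and ".." segments
  // are rejected too; browsers resolve those before sending the request.
  return decoded
    .split(/[\\/]+/)
    .some((segment) => segment.startsWith('.') && !allowed.has(segment));
}

// Wraps a Node-style (req, res) handler; hidden paths get a 404 so the
// response does not reveal whether the file exists.
function denyHidden(handler) {
  return (req, res) => {
    if (isHiddenPath(req.url)) {
      res.statusCode = 404;
      res.end('Not found');
      return;
    }
    handler(req, res);
  };
}

// Constructed sample requests, not taken from any real log.
const SAMPLE_URLS = [
  '/index.html',
  '/.git/config',
  '/assets/%2Egit/HEAD',
  '/.well-known/security.txt',
  '/.htaccess?x=1',
];
for (const url of SAMPLE_URLS) {
  console.log(isHiddenPath(url) ? 'deny ' : 'serve', url);
}
```

The check has to run on the decoded path before the file lookup; a filter that only matches the literal string `/.git` misses the encoded form in the third sample.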
