Potential Security Concern / Feature Request
-
I know surfer is supposed to be a simple app, but would it be possible for the app to be configured in such a way that it would not serve out files or full directories that start with "."
Examples would be:
.git
.htaccess (I know these aren't used here, but for example's sake)
I wanted to sync my surfer app with a git repo for ease of updating and it serves the .git folder. Not a huge risk but the config file in there can hold some sensitive information in some cases.
-
It sounds a bit like you have some work-flow or specific use-case in mind when you talk about syncing a git repo. Can you maybe describe what your plan is and then maybe there is a better solution than hiding files based on some rules. We can add this to surfer, but I guess this needs to be configurable then for other regular file serving usage.
-
@nebulon Yeah it is pretty specific I suppose. Maybe allowing the admin to select folders/files to be hidden from public view is the best option then instead. My use case is that I am using a non-public git repo to publish to my site but also keep track of changes. I am sure I'm not the only one using surfer in this way, but I also know that it's a niche request. I'd be more than happy to clone surfer, add the feature and submit a PR if that better suits Cloudron staff.
-
@murgero There could also just be an option to show/hide hidden files (i.e. those that start with .) like on desktop file browsers?
-
@murgero to take a step back, why are you pushing the .git folder in the first place, if you don't want to have things public? I feel like you could just not do that instead, no? Maybe I don't fully get the flow you are using there.
@nebulon I am logging into my cloudron instance -> app -> terminal -> cd public -> git fetch && git pull directly in the app - that's how the folder gets there.
@jdaviescoates - Hidden folders in surfer still get served up.
To be clear I am NOT copying a git repo over webdav or ftp here, I am using git clone/git pull directly on the app...
-
@murgero said in Potential Security Concern / Feature Request:
@jdaviescoates - Hidden folders in surfer still get served up.
I know. I was suggesting that perhaps Surfer could have an option for them not to be.
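A sketch of the option discussed in this thread, added here as an example and not taken from surfer's code or from any poster: an Express-style middleware that refuses any request whose path contains a segment starting with ".". The names isHiddenPath, dotfileGuard and allowDotNames are hypothetical.

```javascript
// Added example, not surfer's code. All names here are hypothetical.

// Returns true when any segment of the request path starts with "."
// (".git", ".htaccess", and also "." / ".." traversal segments).
// allowDotNames is an assumed admin setting for exceptions.
function isHiddenPath(requestUrl, allowDotNames = []) {
  const pathOnly = requestUrl.split('?')[0]; // ignore the query string
  let decoded;
  try {
    // Decode first so "/%2egit/config" is treated like "/.git/config".
    decoded = decodeURIComponent(pathOnly);
  } catch (err) {
    return true; // malformed percent-encoding: refuse rather than guess
  }
  // Treat backslashes as separators, then inspect every segment so that
  // "/docs/.git/config" is caught, not only a leading "/.git".
  const segments = decoded.replace(/\\/g, '/').split('/');
  return segments.some(
    (seg) => seg.startsWith('.') && !allowDotNames.includes(seg)
  );
}

// Express-style (req, res, next) middleware built on the check above.
function dotfileGuard(options = {}) {
  const allow = options.allowDotNames || [];
  return function (req, res, next) {
    if (isHiddenPath(req.url, allow)) {
      res.statusCode = 404; // 404 rather than 403: do not confirm existence
      res.end('Not found');
      return;
    }
    next();
  };
}

// Constructed sample paths, for illustration only.
const samples = ['/index.html', '/.git/config', '/blog/.htaccess', '/%2egit/HEAD'];
for (const p of samples) {
  console.log(p, isHiddenPath(p) ? 'blocked' : 'served');
}
```

The guard only helps if it runs on the same decoded path that the file lookup uses, and it has to cover directory listings as well as direct file requests.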