Похожие чаты

Hey guys, i'm a web developer and i'm currently working

on a pure PHP script that acts like a file manager / analizer for servers, and have access to the complete file system of the server where is installed; So, for such reason i made a "security key", basically a javascript auth function executed with Tampermonkey ( a browser extension), and the script will work only if the key is present

But i was thinking that maybe someone on the staff of the IT of a company or a sys-admin on a college that uses my script may want to use the app in a computer that doesn't have the "key" installed, so my question is:

Its a good idea to implement a master password to unlock the script withouth the key?

NOTE: is important to say the authentication process and all the AES decryption keys are contained in the "key", programmed to run from the Tampermonkey extension, and this information is totally isolated from the main php file of the utility, so no cookies or login information will be saved on the server or the local storage of the browser

1 ответов

13 просмотров

It depends on the type of script you are developing. If its open source, then the best idea i think is to not provide master key, as it may fell into wrong hand. If its private, then its your choice. Filesystem is the last place that anyone hacker will want have access to. Just consider the risks.

Похожие вопросы

Обсуждают сегодня

Господа, а что сейчас вообще с рынком труда на делфи происходит? Какова ситуация?
Rꙮman Yankꙮvsky
29
А вообще, что может смущать в самой Julia - бы сказал, что нет единого стандартного подхода по многим моментам, поэтому многое выглядит как "хаки" и произвол. Короче говоря, с...
Viktor G.
2
@Benzenoid can you tell me the easiest, and safest way to bu.y HEX now?
Živa Žena
20
This is a question from my wife who make a fortune with memes 😂😂 About the Migration and Tokens: 1. How will the old tokens be migrated to the new $LGCYX network? What is th...
🍿 °anton°
2
30500 за редактор? )
Владимир
47
а через ESC-код ?
Alexey Kulakov
29
What is the Dex situation? Agora team started with the Pnetwork for their dex which helped them both with integration. It’s completed but as you can see from the Pnetwork ann...
Ben
1
Гайс, вопрос для разносторонее развитых: читаю стрим с юарта, нада выделять с него фреймы с определенной структурой, если ли чо готовое, или долбаться с ринг буффером? нада у...
Vitaly
9
Anyone knows where there are some instructions or discort about failed bridge transactions ?
Jochem
21
@lozuk how do I get my phex copies of my ehex from a atomic wallet, to move to my rabby?
Justfrontin 👀
11
Карта сайта