REMINDER: Do not expose CrossWatch directly to the public internet #121
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I notice that some users are hosting CrossWatch on remote VPS/dedicated servers. That can be fine but only if you treat it like a private service, not a public website!
If you put CrossWatch on a public IP without proper controls, you’re basically hanging a exploit sign on it.
Internet scanners will find it, and if there’s even one weak spot, it won’t stay yours for long.
At the current stage of development, CrossWatch is primarily focused on getting things done: features, stability, and usability.
It is not primarily focused on being a hardened, internet-facing service.
That means:
As described in my disclaimer: https://wiki.crosswatch.app/related-information/disclaimer
Security
Do not expose CrossWatch directly to the public internet.
CrossWatch is intended for LAN/VPN use and may contain security weaknesses.
Putting CrossWatch on the public internet turns it into a target for automated scanners and real attackers. If there are any weaknesses—common ones in self-hosted apps include auth bypasses, weak session handling, missing rate limits, insecure defaults, outdated dependencies, or simple bugs, an attacker can use them to:
Therefore:
Beta Was this translation helpful? Give feedback.
All reactions