Key upload over HTTP is a security risk
This plugin allows users to upload their SSH private keys over insecure HTTP connections. This is a really bad idea! If the account has shell access, they’d basically be handing over access to it to their network admins, the ISP, the government and anyone else who happens to be listening!
Over HTTP connections, wouldn’t it be a better idea to encourage the user to:
a) upload a private key to the server as a random-named file (or otherwise being careful not to expose the key) and set FTP_PRIKEY,
b) copy their existing ~/.ssh/id_rsa to their webroot as a random-named file (or otherwise being careful not to expose the key) and chmod go+r, or
c) enable HTTPS
and only let the user proceed over HTTP when they have acknowledged that they are aware of and want to ignore the gaping security risks of their actions?
- The topic ‘Key upload over HTTP is a security risk’ is closed to new replies.