SnakeJayd Posted April 28, 2013 Report Share Posted April 28, 2013 Hi.I am really enjoying this service and am intending on using it with a small home server as a my own private unlimited dropbox service.I am a bit concerned about the secrets though. Maybe I understand them incorrectly, but it seems as though all you need to access someone's information is their secret, no secondary authentication token.For example, if the secret was the identifier or index linking you to the host then I would expect a second authentication step like a password or even something like an ssh key. Just have some way to limit the people who can access my data, other than whether or not they happen to stumble across my secret.Does that make sense or am I missing something?I realise that it could make the distributed aspect of the system tricky, with each client becoming a new host that then becomes responsible for authenticating, but a distributed whitelist or master password could solve this?CheersSnakeJayd Quote Link to comment Share on other sites More sharing options...
GreatMarko Posted April 30, 2013 Report Share Posted April 30, 2013 There's plenty of other active discussions on security and "secrets" around the forum. For example, please see this thread or this thread. Quote Link to comment Share on other sites More sharing options...
SnakeJayd Posted April 30, 2013 Author Report Share Posted April 30, 2013 Thanks. I had a search before starting this one, but I couldn't find them. Must have been doing it wrong.THis topic can be closed if an admin or mod comes across it. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.