Approved Peers

[Jaman42]

Hi,

Just have some questions about approved peers so I understand how it works.

 

It's a unit based setting right? I mean if I have 5 units I need to enable the setting on all devices to make sure no content is being shared to anyone else?

 

Can these approved peers be specified in the config file using the username or device name?

Thanks!

[piotrnik]

As far as I'm aware, using the link to approve the add only is effective for that one use (or however many uses specified) - the secret can otherwise still be shared manually by any peer (by the approved peer as well, once the link is used), and there's not really a way to prohibit people aside from a certain whitelist from connecting to a certain folder/secret.  The only exception would be if each member of the group were manually set to only connect to the other members, with no dht/tracker support.  

I've not tinkered with manual settings or the approval process much, so take my words with a grain of salt, but that's what I've gathered from the forums here. 

[RomanZ]

@Jaman42,

 

I suppose you want to prevent users you shared folder with to share it with someone else. As @piotrnik says - it is impossible. Once you shared the folder and you approve at least one user - he can share it further. The only limitation you can apply is to share RO access, so the user you shared with will only be able to share RO.

[Jaman42]

Thanks for the answers! To clarify, I have control over the 5 units. I just wondering if it was possible on unit 1 to allow sharing to 2,3,4,5 only and on unit 2 allow sharing to 1,3,4,5 and so on, also if it where possible with the config file. Thought of is as a additional safety in case I got sloppy with how I handle the secrets. But I guess from your answer that this is not how it works.

 

Can I read somewhere what the feature does?

[RomanZ]

@Jaman42

The very core of Sync implies that if you've got the key - you can use it everywhere. You can read more about keys and secrets here.

[Jaman42]

Yeah that's what I thought as well. Just wondered about the feature "Peers I invite must be approved on this device", I misread it a bit. I guess it is used for when you want to share a a folder over unsecure media. So if you tick the box and for example email the link to a friend and then you have to approve them and then they get the secret?

[piotrnik]

Yes, exactly.  Once you approve it, the folder is added to their sync with the specified RO/RW permissions.  Also, once they have the folder listed in their sync, they can get to the secrets (to share them further, if that's a concern).  

The approval is really more of a additional security layer on top of a one-time key, not a continuing security measure.