mirror of
https://github.com/Palakis/obs-websocket.git
synced 2024-08-30 18:12:16 +00:00
1cd12c1023
After discussion in the Discord server, and some internal discussion, this was deemed a reasonable patch for various security concerns. This basically controls whether obs-websocket binds to 127.0.0.1 or 0.0.0.0. I decided to have obs-websocket bind to 127.0.0.1 by default, since most users appear to be using obs-websocket on the same machines as their client software. This will be changed if it poses significant support-related issues. Further security solutions have been discussed, but are either a heavy amount of work, or significantly impact client applications' connect flows. One idea that I should mention is like a cookie system, where: - On first connect, obs-websocket asks the user to approve the connection. - After authentication, obs-websocket gives the client a token in the `Identified` message, which the client stores. - On future connects, the client uses this token, along with the password, to authenticate without needing user confirmation. This system will likely be implemented in a future version of obs-websocket. Closes #907 |
||
|---|---|---|
| .. | ||
| en-US.ini | ||