
Recommended Posts

darkassassin07
Posted

I'd be worried exposing something like that, not knowing how vulnerable it is to code stuffing, overflow attacks, spam registrations, and more.

Yeulamcon
Posted
7 minutes ago, darkassassin07 said:

I'd be worried exposing something like that, not knowing how vulnerable it is to code stuffing, overflow attacks, spam registrations, and more.

Thanks for your input, your concern is totally valid. The registration page is protected by a secure token that’s verified server-side, so without a valid token, access isn’t possible. On top of that, the URL isn’t publicly listed or linked anywhere, which significantly reduces exposure. This setup already mitigates risks like code injection, overflow attacks, and spam registrations. That said, we’re continuously monitoring and improving security where needed.

Neminem
Posted
10 hours ago, Yeulamcon said:

we’re continuously monitoring and improving security where needed.

I like you say WE are!

So this is not a personal server ?

Share seller "Cough"

Carlo
Posted
10 hours ago, Yeulamcon said:

Thanks for your input , your concern is totally valid. The registration page is protected by a secure token that’s verified server-side, so without a valid token, access isn’t possible. On top of that, the URL isn’t publicly listed or linked anywhere, which significantly reduces exposure. This setup already mitigates risks like code injection, overflow attacks, and spam registrations. That said, we’re continuously monitoring and improving security where needed.

If the API usage is taking place as part of the registration page the "secure token" is most likely exposed for the looking. To be protected better (for starters) you would need the registration pages to have a backend process that runs independently from the user pages. This backend-only process would be using the API so it's never exposed to a user's browser but instead is run from a trusted/hardened dedicated location.

"we’re continuously monitoring" doesn't sound like something a home server admin would say. :)

  • Agree 1
