Web based file manager

Back to overview

Graphical filesystem interface for headless devices

lion-mclionhead

lion mclionhead

Back to overview
Files 0
Components 0
logs 1
Instructions0
Discussion 2

« Back to project details Sort by:

Security hole
12/03/2025 at 19:41 • 0 comments

Years ago, remote file management was manely based on FTP. Support for that grew & grew until we had basically transparent access to remote files. All that went away in the late 90's & got replaced by loose ssh commands. The security hole of having FTP on a large network was the mane reason, but very few of us are on public networks anymore.

The big risk nowadays seems to be IPv6. Those addresses are once again as public as IPv4 was 30 years ago.

The easy solution is to make servers reject IPv6 connections. The only method that works in android is

socket.getInetAddress() instanceof Inet4Address
The java.net.preferIPv4Stack setting doesn't work.

The next step would be certificate based authentication, but for a program with no users, it's not necessary. There's actually a box in Firefox for setting a client certificate. Then it would need HTTPS support, which would entail creating yet another batch of certificates for the server, a big step up from the current Server class.

The way webphone is written, using it on a raspberry pi would manely involve installing a JVM, making a new class to handle android log statements & instantiating the same classes outside android. It's still more convenient than FTP, since it doesn't need a client program.