Restrict socket connections #9779
Conversation
varjolintu
changed the title
|
Super cool |
|
|
||
| // Get process path from PID | ||
| char buf[PATH_MAX]; | ||
| auto procPath = QString("/proc/%1/exe").arg(pid); |
There was a problem hiding this comment.
IIRC, FdoSecrets does something similar for its client authorization. You can search its code for "proc" to find where that is. This should probably be moved to a common function in OSutils.
This whole PR is similar in concept to #6458, so there is likely to be some common functionality. Maybe a ClientAunthenticator class?
There was a problem hiding this comment.
OSUtils is a fine place for this, yes. And I agree common functions should have just one class. Going to look at this again after those two required PR's for this one are merged.
|
MD5 has been broken for a long time. Why not use a secure hash function? |
Is there a need for that? The data is only stored inside your database that is already encrypted. |
|
MD5 is only broken for cryptographic purposes. It's a perfectly fine option for non-critical, performance sensitive hashing. With that said, there is really no reason not to use SHA-256. |
phoerious
added
pr: new feature
Adds a new Client Restrictions table to Database Settings. When enabled, only the binaries in the table are allowed to connect to the browser extension side.
The binaries are identified by absolute path and MD5 file hash. Currently the feature is supported in Windows, macOS, Linux and FreeBSD.
Requires #9406 as the base. Keeping draft status until that PR has been merged.
Screenshots
Testing strategy
Manually.
Type of change