Multi user, let not delete anyone other files #99
Comments
|
I feel like user management, authentication, authorization, etc. is beyond the scope of this project. You can try setting up a reverse proxy (like nginx) in front of the server to handle auth and sessions. |
|
nono i mean like ip based check or session check maybe ? |
|
Session requires authentication, which in turn requires user management, etc. See the discussion in #77 |
|
Oh and if you want IP-based security, you can either setup your firewall or configure a reverse proxy: Apache or nginx |
|
I have to agree.... the most that bothers me is when some nut job deletes all torrents so he can add his. What scriptzteam wants is a session based authorization scheme. For instance when a user accesses the site for the first time he gets a session ID based on a hash of his IP and some salt, unix time etc. Adding a torrent will be marked as removable only by that session ID, a timeout of hours or days (if there's already one implemented) or by the owner of the site. What you've suggested doesn't hinder anyone from removing the torrents. What we want is to separate superuser rights on what we add vs other users. I should not be able to remove someone else's torrents, nor should he mine. It's a pretty simple, yet elegant way of giving each user rights without the hassle of user management. |
|
torx.cat works this way ;) |
|
When it works... for me it doesn't and peerflix-server is more popular, way way more sites with it. |
For example if i share the url anyone can delete stop my torrents, is there any way to create per user or ip or session id like http://someip.org:9000/#session_id/ so only those with session id can manage and see thier torrents?
THX!
The text was updated successfully, but these errors were encountered: