6 Matching Annotations
  1. Dec 2022
    1. This is a terrible idea. At least if there's no way to opt out of it! And esp. if it doesn't auto log out the original user after some timeout.

      Why? Because I may no longer remember which device/connection I used originally or may no longer have access to that device or connection.

      What if that computer dies? I can't use my new computer to connect to admin UI without doing a factory reset of router?? Or I have to clone MAC address?

      In my case, I originally set up via ethernet cable, but after I disconnected and connected to wifi, the same device could not log in, getting this error instead! (because different interface has different mac address)

  2. Jul 2022
    1. # ActiveStorage defaults to security via obscurity approach to serving links # If this is acceptable for your use case then this authenticable test can be # removed. If not then code should be added to only serve files appropriately. # https://edgeguides.rubyonrails.org/active_storage_overview.html#proxy-mode def authenticated? raise StandardError.new "No authentication is configured for ActiveStorage" end
  3. Sep 2021
  4. Jun 2020
    1. Data that is sent over the network is compressed (optionally) and encrypted (always). When receiving data it must be decrypted and then (if compressed) decompressed.
  5. May 2020
    1. While there are security benefits to disallowing unsigned extensions by default, it is not clear why there is no option to turn off this behavior, perhaps by making it configurable only with administrator rights.