![]() ![]() Doesn't matter, I'm in the targeted group. I assume the worst because being compromised is a zero-sum game. What are the chances you were in the part of the barrel they scraped? For a small list of unknowns:ģ) What software/websites/people are they choosing to attackĤ) Are you even using any of the software/websites that are being attacked?ĥ) Are they going to accept cracking 50%~ accounts? Many crackers only care to scrape the bottom of a barrel. The chances of 0 becoming 1 are not quantifiable because it requires knowing unknowns. I'm worried about given that they do exist what is the risk to me? What is the likelihood that my account has been broken into? To my understanding, they would not require physical access and would be able to guess any passwords generated (once an attack has been found/created). So I'll let someone else quantify potential specifics. I'm not a security expert, more of a hobbyist. ![]() ![]() Some require physical access some do not. Rather than worry about whether or not a practical attack already or will one day exist, I'd use cryptography that hasn't been shown to be broken. Therefore when something is shown that "attacking it is possible" you can make one of two assumptionsġ) No practical attack exists and you'll be safe until it existsĢ) A practical attack already exists and it is only a matter of time until you get pwned KEEWEB WEBDAV 304 ERROR CRACKERBy the time the threat level hits 100% the cracker may have already broken into your account(s) before you even hear about the attack. There is no guarantee that a practical attack exists that hasn't been brought to academic or mainstream attention (e.g some cracker has a practical attack that they're keeping under wraps). This threat level immediately goes to 100% when a practical attack is discovered. In order to gauge that, I need a little more info about the threat level. I care about whether the existence of the bug is something I should be so concerned about as to not use the software. To hide it, you can for example proxy requests to your internal WebDAV host and then point KeeWeb to the proxied address.>I don't care about why the bug happened or how easy it is/isn't to fix. Keep in mind that your WebDAV server will be exposed to Internet, if you would like to expose KeeWeb together with it. You can find some information in this issue. It's possible to backup files to your IMAP mailbox using mailbox-backup proxy (warning: this project is in beta for now). On Windows, adding your CA to trusted certificates storage may help. OPTIONS request must work without authorization. If your WebDAV server is using a self-signed or invalid certificate, you can use this command to open files in KeeWeb desktop app: certutil -d sql: $HOME/.pki/nssdb -A -t TC -n "my_domain.lan" -i ~/ca.crt To load a WebDAV-located file from the web app, CORS must be enabled on your server. ![]() If you want KeeWeb to write files with PUT, instead of moving temporary file, you can change it with a switch in Settings → General. Methods GET,HEAD,POST,PUT,OPTIONS,MOVE,DELETE,COPY,LOCK,UNLOCK,PROPFIND,MKCOLĪllowed_headers Authorization,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Accept-Charset,X-Accept,origin,accept,if-match,destination,overwrite Header always set Access-Control-Allow-Credentials "true"įor nginx: add_header 'Access-Control-Allow-Origin' '*' always Īdd_header 'Access-Control-Allow-Credentials' 'true' always Īdd_header 'Access-Control-Allow-Methods' 'GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK' always Īdd_header 'Access-Control-Allow-Headers' 'Authorization,DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Accept-Charset,X-Accept,origin,accept,if-match,destination,overwrite' always Īdd_header 'Access-Control-Expose-Headers' 'ETag' always Īdd_header 'Access-Control-Max-Age' 1728000 always Īdd_header 'Content-Type' 'text/plain charset=UTF-8' Īdd_header 'Access-Control-Allow-Origin' '*' Īdd_header 'Access-Control-Allow-Credentials' 'true' Īdd_header 'Access-Control-Allow-Methods' 'GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK' Īdd_header 'Access-Control-Allow-Headers' 'Authorization,DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,X-Accept-Charset,X-Accept,origin,accept,if-match,destination,overwrite' Īdd_header 'Access-Control-Expose-Headers' 'ETag' Īdd_header 'Access-Control-Max-Age' 1728000 Header always set Access-Control-Allow-Methods "GET, HEAD, POST, PUT, OPTIONS, MOVE, DELETE, COPY, LOCK, UNLOCK" Header always set Access-Control-Expose-Headers "ETag" Header always set Access-Control-Allow-Headers "origin, content-type, cache-control, accept, authorization, if-match, destination, overwrite" Header always set Access-Control-Allow-Origin "*" ❗ OPTIONS request must work without authorization. To load a WebDAV-located file from the web app, CORS must be enabled on your server. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |