Currently the security relies on a whitelist of IPs that can connect.
If a user's network is setup to use dynamic IPs this can not only create and issue where the user is being forced to approve their connection/device over and over, but it also a pretty significant security risk due to the fact that someone else (what is not an approved user) can now be assigned that old IP which is whitelisted and connect.
This needs fixing asap.
I'm thinking a quick solution will be to stop loading from the whitelist text file be default and instead use a "live" whitelist that is stored in RAM. This will cause users to need to re-verify their device/IP each time the server is started but it will ensure that we are only allowing authorized users to connect.
Currently the security relies on a whitelist of IPs that can connect.
If a user's network is setup to use dynamic IPs this can not only create and issue where the user is being forced to approve their connection/device over and over, but it also a pretty significant security risk due to the fact that someone else (what is not an approved user) can now be assigned that old IP which is whitelisted and connect.
This needs fixing asap.
I'm thinking a quick solution will be to stop loading from the whitelist text file be default and instead use a "live" whitelist that is stored in RAM. This will cause users to need to re-verify their device/IP each time the server is started but it will ensure that we are only allowing authorized users to connect.