improve threat model description
This commit is contained in:
parent
1147984f40
commit
b1634b4afe
@ -1,7 +1,6 @@
|
|||||||
# GoSmartKeyboard Threat Model
|
# GoSmartKeyboard Threat Model
|
||||||
|
|
||||||
|
|
||||||
GoSmartKeyboard assumes that it is running behind a reverse proxy that provides TLS termination. This is a common setup for web applications, and is the default configuration for the [Caddy](https://caddyserver.com/) web server.
|
GoSmartKeyboard assumes that it is running behind a reverse proxy that provides TLS termination. This is a common setup for web applications, and is the default configuration for the [Caddy](https://caddyserver.com/) web server. Alternatively you could use SSH port forwarding to tunnel the traffic to the server.
|
||||||
|
|
||||||
The daemon is intended to be used by a single user, with the client used by the same person.
|
The server daemon is intended to be used on a single-user system. The goal is to prevent against well funded attackers without physical access to the machine from authenticating to the service. To prevent this, a 256 bit random token is generated and stored in a file. The token is then displayed to the user, and they are expected to copy it to store it safely. The token cannot be recovered because only a sha256 hash of the token is stored on disk.
|
||||||
It is not recommended to use this over the internet, as it is intended for the user to be able to physically see the screen.
|
|
Loading…
Reference in New Issue
Block a user