23 lines
1.4 KiB
HTML
23 lines
1.4 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width">
|
|
<title>GoSmartKeyboard</title>
|
|
<link rel="stylesheet" href="google-code-prettify/prettify.css">
|
|
<link rel="stylesheet" href="styles/prettify-theme.css">
|
|
<script defer src="google-code-prettify/prettify.js"></script>
|
|
<script defer src="google-code-prettify/run_prettify.js"></script>
|
|
<link rel="stylesheet" href="styles/main.css">
|
|
</head>
|
|
|
|
<!-- Generated by srcweave https://github.com/justinmeiners/srcweave -->
|
|
<h1>GoSmartKeyboard Threat Model<a id="c11"></a></h1>
|
|
|
|
|
|
<p>GoSmartKeyboard assumes that it is running behind a reverse proxy that provides TLS termination. This is a common setup for web applications, and is the default configuration for the <a href="https://caddyserver.com/">Caddy</a> web server. Alternatively you could use SSH port forwarding to tunnel the traffic to the server.</p>
|
|
|
|
<p>The server daemon is intended to be used on a single-user system. The goal is to prevent against well funded attackers without physical access to the machine from authenticating to the service. To prevent this, a 256 bit random token is generated and stored in a file. The token is then displayed to the user, and they are expected to copy it to store it safely. The token cannot be recovered because only a sha256 hash of the token is stored on disk.</p>
|
|
</body>
|
|
</html>
|