[FEATURE REQUEST] Consider TLS/WSS support & Authentication and/or USB-only mode #1103

Open
maclarel opened this issue Jun 12, 2024 · 0 comments
Labels
feature request New feature or request

Is your feature request related to a problem? Please describe.
The Deckboard server utilizes a websocket listener that has a static access key known to the app. As a result of this, any device on the same network can connect to any Deckboard server, pull the config, and act as a trusted client.

Fortunately the app itself has very limited privileges as it pertains to the server and can only execute shortcuts (not add/modify them, or see what they do) so impact is reasonably limited. Nonetheless, an authenticated session and possible support for TLS (initial handshake) and WSS (ongoing communication) would be great additions. Note that TLS/WSS support without authentication is not very useful since any client can connect and be trusted, and authentication without TLS support is similarly limited in value since the initial handshake can be intercepted by any listener on the network.

If neither of these are possible/would be considered, it would be ideal to be able to configure Deckboard server to only accept connections via local USB rather than a forced binding to a network interface and requirement for the user to block it in their firewall.

Thank you for your time and very useful app (that I did pay for)!

Describe the solution you'd like
Implementation of TLS + Authentication and/or USB-only mode.

Describe alternatives you've considered
I'm not aware of any feasible/sane alternatives as they pertain to the app here; however, I'm very open to feedback!

Additional context
Not that it particularly matters since the upsell for Pro is mostly UI-focused (more buttons/scaling/etc), but it's likely that the scenario outlined here also allows for any client (regardless of whether or not it's the Pro version) to execute any shortcut that's available on the server.

While this is tangentially security related due to the possibility of drive-by attacks, impact is low enough that this seems reasonable to outline publicly as a feature request. Feel free to ping me and I can expand on the potential security issue(s) if helpful!

Also opened @ https://deckboard.canny.io/feature-requests/p/consider-tls-support-authentication-or-usb-only-mode though it appears that feature request board is unused.

maclarel added the feature request label Jun 12, 2024
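
An added example, not Deckboard's code and not part of the original issue: one way the requested authentication could replace a static shared key, using a per-device secret and an HMAC challenge-response with single-use nonces. `PairingAuth`, `respond` and the device IDs are hypothetical, and the exchange is assumed to run inside a TLS-protected (`wss://`) connection so the authenticated session cannot be taken over afterwards.

```javascript
// Added example: hypothetical per-device challenge-response, not Deckboard code.
const nodeCrypto = require('node:crypto');

class PairingAuth {
  constructor() {
    this.devices = new Map(); // deviceId -> per-device secret (Buffer)
    this.pending = new Map(); // nonce (hex) -> expiry timestamp in ms
  }

  // Pairing happens once, out of band (assumed: e.g. a code shown on the desktop).
  pair(deviceId) {
    const secret = nodeCrypto.randomBytes(32);
    this.devices.set(deviceId, secret);
    return secret;
  }

  // Sent by the server when a socket connects; each nonce is valid once.
  challenge(ttlMs = 30000, now = Date.now()) {
    const nonce = nodeCrypto.randomBytes(16).toString('hex');
    this.pending.set(nonce, now + ttlMs);
    return nonce;
  }

  // Accept only a fresh, unexpired nonce signed with a paired device's secret.
  verify(deviceId, nonce, macHex, now = Date.now()) {
    const expiry = this.pending.get(nonce);
    this.pending.delete(nonce); // single use, even when verification fails
    const secret = this.devices.get(deviceId);
    if (expiry === undefined || now > expiry || !secret) return false;
    const expected = respond(secret, deviceId, nonce);
    const given = Buffer.from(String(macHex), 'hex');
    return given.length === expected.length &&
      nodeCrypto.timingSafeEqual(given, expected); // constant-time compare
  }

  // Removing one device does not affect the secrets of the others.
  revoke(deviceId) { return this.devices.delete(deviceId); }
}

// Client side: prove possession of the secret without ever sending it.
function respond(secret, deviceId, nonce) {
  return nodeCrypto.createHmac('sha256', secret)
    .update(`${deviceId}\n${nonce}`).digest();
}
```

Unlike a static key compiled into every client, a secret issued at pairing time is unique per device and can be revoked individually.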