Skip to content

Commit

Permalink
docs: Update security-considerations.md to fix a typo (#762)
Browse files Browse the repository at this point in the history 
* Update 08-security-considerations.md

Add missing "t" to "untrusted"

* fix: add missing "t" to untrusted
  • Loading branch information
@mark-pitblado
mark-pitblado authored Dec 28, 2024
1 parent 503a764 commit cc708a4
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion docs/docs/08-security-considerations.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

If you're going to give app access to untrusted users, there's some security considerations that you'll need to be aware of given how the crawler works. The crawler is basically running a browser to fetch the content of the bookmarks. Any untrusted user can submit bookmarks to be crawled from your server and they'll be able to see the crawling result. This can be abused in multiple ways:

1. Untrused users can submit crawl requests to websites that you don't want to be coming out of your IPs.
1. Untrusted users can submit crawl requests to websites that you don't want to be coming out of your IPs.
2. Crawling user controlled websites can expose your origin IP (and location) even if your service is hosted behind cloudflare for example.
3. The crawling requests will be coming out from your own network, which untrusted users can leverage to crawl internal non-internet exposed endpoints.

Expand Down
2 changes: 1 addition & 1 deletion docs/versioned_docs/version-v0.20.0/08-security-considerations.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

If you're going to give app access to untrusted users, there's some security considerations that you'll need to be aware of given how the crawler works. The crawler is basically running a browser to fetch the content of the bookmarks. Any untrusted user can submit bookmarks to be crawled from your server and they'll be able to see the crawling result. This can be abused in multiple ways:

1. Untrused users can submit crawl requests to websites that you don't want to be coming out of your IPs.
1. Untrusted users can submit crawl requests to websites that you don't want to be coming out of your IPs.
2. Crawling user controlled websites can expose your origin IP (and location) even if your service is hosted behind cloudflare for example.
3. The crawling requests will be coming out from your own network, which untrusted users can leverage to crawl internal non-internet exposed endpoints.

Expand Down

0 comments on commit cc708a4

Please sign in to comment.