Accessing from LAN
tefod-zz opened this issue ยท 8 comments
Accessing from localhost is great. How I can grant access from any IP from LAN?
You can't. It is not designed for that purpose mostly because of security concerns. The goal of this project as stated is to allow Floccus to store the bookmarks file in some folder you would like that can later be synced with any cloud service or tool.
If that's your goal setup an Apache or nginx sever in one of your machines and use it for that.
https://www.howtoforge.com/setting-up-webdav-with-apache2-on-debian-etch
https://httpd.apache.org/docs/2.4/mod/mod_dav.html
Thx for ur message. I got the intended use. Just thought, why we might not share a bookmark set on a dedicated server, so that different users can sync a specific bookmark file with floccus.
I will give dave a look. Thx again.
why we might not share a bookmark set on a dedicated server, so that different users can sync a specific bookmark file with floccus
Yeah I get it, however that would open the door for a very very big security nightmare. How could we make sure a network version of LoFloccus wouldn't get exploited / hacked? It would also make us have to deal with issues like SSL certificates and other measures that aren't easy to implement in an app designed for final users / behind firewalls and such.
Any ideas?
How could we make sure a network version of LoFloccus wouldn't get exploited / hacked?
I meant a dedicated server in the LAN; my bad. ๐
Besides that, the risk of getting exploited exist for every per network accessible program/service imho.
I see no concerns in a Home or Corp-LAN. I mean, would be great if we could bind (an option?) the port to LAN-IP instead of just localhost/127.0.0.1.
I see no concerns in a Home or Corp-LAN
What if one of your not-so-frindly colleagues decided to exploit it? What about a public Wifi network with malicious actors?
Even if we ignore that, bookmark traffic will be unencrypted from that point and everyone on the network will be able to eavesdrop into those shared bookmarks and/or steal your webdav credentials.
Wouldn't it be way safer to just use https://syncthing.net/ and LoFloccus on each computer to sync the bookmarks (and potentially other stuff)?
Wouldn't it be way safer to just use https://syncthing.net/ and LoFloccus on each computer to sync the bookmarks (and potentially other stuff)?
Thx for the hint.
Installing a chrome extension (floccus) is a no-brainer. Even ur tool is pretty small and portable - it's a kinda an overkill running on dozen local machines a listening mini server - and opening ports. This is something, which will produces headaches with the sysadmins ๐
Besides that - I am researching the whole day, for a (open source) solution of "team bookmarks". Its just strange, that there not that much solutions. What I found so far:
- LinkAce (pretty great and neat frontend; Rest API available, but unfortunately no extension available for syncing with browser bookmarks)
- xBrowserSync (great browser bookmark sync tool; but no not made for sharing bookmarks)
- TeamBookmark (browser bookmark sync tool; but no dedicated server available and the whole team would have read/write rights
- NextCloud with Bookmarks App; almost perfect bookmark management. Together with floccus its pretty complete.
With Floccus & LoFloccus I could avoid a NextCloud installation for just sharing syncing the bookmarks into the browser.
I'll have some thought on this for the rewrite of this tool.
This feature is now implemented in 1.2.0 https://github.com/TCB13/LoFloccus/releases/tag/1.2.0
Enjoy!