D-Link Forums

The Graveyard - Products No Longer Supported => D-Link Storage => DNS-320L => Topic started by: lionkd75 on June 11, 2016, 09:54:11 AM

Title: Security issue?
Post by: lionkd75 on June 11, 2016, 09:54:11 AM

I have installed elFinder. If I try to access directly the NAS from another PC through internet, I have full access to elFinder interface without having to give any password. I use the address username.dlinkddns.com/elfinder/index.php and I have access to elfinder's interface. Is there any way to password protect this interface?
The same applies to other apps as well. For example transmission. If I use the address:

username.dlinkddns.com:9092/transmission/web

I have access to the app (from internet) without the need of any password.

This does not sound very secure.

Your help is really appreciated. Thanks!

Title: Re: Security issue?
Post by: ivan on June 13, 2016, 01:23:02 PM

Quote

This does not sound very secure.

I agree it is not secure at all.

The main problem is how the apps are written, they can be secure by default (but then a lot of people would find them hard to use) or they can be insecure (in which case only a few people are concerned about the insecurity).

Not having used either app I can't say much about them but I would hope that there is the ability to secure them somewhere included in each.  If there isn't then stop using them and contact the developers about your concerns.