[FFmpeg-user] Resolve (was Re: key frame)
MediaMouth
communque at gmail.com
Sun Jun 30 14:50:31 EEST 2024
> On Jun 30, 2024, at 05:42, Reindl Harald <h.reindl at thelounge.net> wrote:
>
>
>
>> Am 30.06.24 um 06:39 schrieb MediaMouth:
>> I'm not so sure that open ports are as intrinsically insecure as one might worry. We set up NodeJS web & API servers frequently -- very simple, very clear in reporting all traffic. You do see the constant attempts by bad actors, but you can code the servers to not respond to all traffic except those that are permitted by your API terms, and accompanied by a verified token. Been doing this over a decade with no hacks afaik.
>
> or you just don't know :-)
Yup. Exactly. From what I can tell on a machine with an open port 443 and a node server reports all traffic and attempts to access that port, and I do see a lot of nefarious attempts by bots -- mostly looking for wordpress vulnerabilities (non installed), php files (there's no php server on this machine) and this goes on endlessly. The server reads incoming requests character for character, method, header and body, and rejects all but a few requests. So presumably not much can happen, but yeah, I nonetheless wonder if a skilled hacker with a lower level understanding than I can nonetheless get in without my knowledge.
I would think that if any open port could be hacked no matter what, the internet writ large would quickly be rendered useless
Curious your insights
> "you can code the servers to not respond to all traffic except those that are permitted by your API terms" is pure nonsense in context of security bugs
> _______________________________________________
> ffmpeg-user mailing list
> ffmpeg-user at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-user
>
> To unsubscribe, visit link above, or email
> ffmpeg-user-request at ffmpeg.org with subject "unsubscribe".
More information about the ffmpeg-user
mailing list