Opened 7 years ago
Closed 3 years ago
#4706 closed defect (fixed)
Secure downloads
| Reported by: | rugk | Owned by: | |
|---|---|---|---|
| Priority: | Should Have | Milestone: | Website / Forum |
| Component: | Website / Forum | Keywords: | security |
| Cc: | Patch: |
Description
Currently your downloads do not use HTTPS. That means an attacker could intercept them, change them and thus let the user execute (potentially malicious) binary code.
Threat model: Any network attacker; three-letter agencies or attackers in wifi
What can be done?
- Easy, and you should really do this: I understand you do not host the binary files over HTTPS, but at least the tiny torrent files – which you suggest anyway – should be provided via HTTPS.
- Clever and still relatively easy: You could use https://webtorrent.io/ to download the torrent directly in your browser. Refer to their site for more information. This might also simplify your torrent FAQ/the download process for users, which are not aware of torrents, as everything happens in the background.
When doing so, you probably do not even have to offer the big binary on your servers wayway – or, only hidden as a "last resort" e.g. when JavaScript is disabled in the browser or the browser is too old.
- Also possible: Use some third-party service to host the files, such as https://bintray.com/, which is free for FLOSS projects.
- Also possible, but hard: Use JavaScript served via HTTPS, which contains a hash of the file, which is then checked after the file has been downloaded via HTTP.
Change History (3)
comment:1 by , 7 years ago
comment:2 by , 6 years ago
| Component: | Network → Website / Forum |
|---|
Note:
See TracTickets
for help on using tickets.
Note that even when using torrents, to be really sure the file has not been tampered with, you might also want to publish the SHA256 hash on the download page. People, who want to use it, can then use it.