Comment 2 for bug 605284

Severin H (severinh) wrote :

Hi espen,

thank you for reporting this bug. Right now, it's indeed not possible to securely connect to a remote instance of SABnzbd. When you do that using your web browser, it will most certainly raise a red flag unless you purchased a certificate from a certificate authority. This is because the browser does not trust the certificate.

It would be simple to add a "Use HTTPS" checkbox to the dialog for setting up LottaNZB, but no mechanism of trust would be in place. This means that even though this would cause the connection to be encrypted, there would be no guarantee whatsoever that LottaNZB is really talking to the SABnzbd instance you set up. Any adversary capable of messing with the routing taking place on the network could trick you into connecting to an instance of SABnzbd set up by him without you knowing, e.g. to perform a man-in-the-middle attack.

Of course, making that change to LottaNZB would at least prevent some network sniffers from gaining any knowledge about what you use SABnzbd for. But I wouldn't feel so comfortable advertising LottaNZB being capable of establishing a secure connection to SABnzbd even though the system has flaws.

Any opinions on this?

Regards,
Severin
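
The gap described in the comment above, between an encrypted connection and an authenticated one, shown as an added example that is not part of the original comment and not LottaNZB or SABnzbd code. It assumes the user has copied the SHA-256 fingerprint of their self-signed certificate from the server out of band; all function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize_pin(pin: str) -> str:
    """Accept 'AA:BB:...' or 'aabb...' as a user would paste it."""
    return pin.replace(":", "").replace(" ", "").strip().lower()


def matches_pin(der_cert: bytes, pin: str) -> bool:
    """True only if the presented certificate is exactly the pinned one."""
    if not der_cert:
        return False  # the server presented no certificate
    return hmac.compare_digest(fingerprint(der_cert).encode(),
                               normalize_pin(pin).encode())


def unauthenticated_context() -> ssl.SSLContext:
    """A bare 'Use HTTPS' option: traffic is encrypted, the peer is unverified."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def connect_pinned(host: str, port: int, pin: str) -> ssl.SSLSocket:
    """Connect, then refuse to continue unless the peer certificate matches the pin."""
    # CA validation stays off because the certificate is self-signed; the pin
    # comparison below is the trust mechanism that replaces it.
    raw = socket.create_connection((host, port), timeout=10)
    try:
        tls = unauthenticated_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)  # returned even with CERT_NONE
    if not matches_pin(der or b"", pin):
        tls.close()
        raise ssl.SSLError("certificate fingerprint does not match pinned value")
    return tls
```

With `unauthenticated_context()` alone, any server that answers on the address completes the handshake; `connect_pinned()` closes the connection before any API key or request is sent when the certificate differs from the one the user pinned.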