Critical Security Vulnerabilies Discovered


limetech

Recommended Posts

On 2/17/2020 at 7:25 PM, Alphahelix said:

@limetech Thank you for your transparency it is very much appreciated! and thank you for evolving unRAID. I 100% back you up in your priority! If I am not mistaken unRAId is not an enterprise system (might be in the future, who knows?), but a home system. I feel we users tend to forget this from time to time, myself included.

 

Bottom line, keep up the good work. Let take the opportunity to mention the polling for new features is a great tool for you to show us users which features you plan on implementing. We users can use it to tell you the priority to implement them.

 

/Alphahelix

One of the best software purchases I ever made.

  • Like 3
  • Thanks 1
Link to comment
On 2/13/2020 at 7:43 PM, limetech said:

simplifications to reduce frustration by new users.  Nothing more frustrating that creating a share and then getting "You do not have permission..." when trying to browse your new share.  We are trying to reduce the swearing and kicking of dogs by new users just trying to use the server.

Thank you. As a new user, I appreciate that. I appreciate that my Kodi and AppleTV and SmartTVs can just access the share on the network without any hassle. Yes, I am aware of the security implications that come with this ease.

Link to comment
  • 2 months later...
On 3/5/2020 at 5:40 AM, tsawind said:

If you want that level of stuff, then you have to deal with constant forced updates and go pay the premium for it. I will back this company for as long as it stands!

 

This. UnRaid for me is a lesson in the KISS principle. (Keep It Simple, Stupid)

I work in IT but I like using UnRaid at home, because of it's simplicity and it's ability to just keep functioning. I've tightened up the security, of course, but it's excellent for my limited home needs and I only have one docker exposed to the internet through nginx proxy manager for phone-backup purposes.

It works wonderfully, it's been more stable than anything I've run at home previously and it runs on a shoebox, as my backup box can attest. I actually just built the backup box to buy another unraid license to support the developers.

I keep recommending it to absolutely everyone - and I really appreciate the transparency about these security issues, and also the willingness to discuss why certain choices are made. It makes you trustworthy, so keep it up.

  • Like 3
  • Thanks 1
Link to comment
  • 4 months later...
On 2/15/2020 at 10:48 AM, Marshalleq said:

+1 for Authy.  I learnt this lesson when I got a new device and had to transfer my Google Auth settings across.  You can't with google Auth!  As an aside, for the not so tech savvy that this appliance seems to be aimed at, having two factor and at least 'highly recommending' it when people insist on exposing unraid to the internet, would be a very good improvement.

I'm no expert by any means, but I use Google authenticator, Microsoft authenticator and Authy to be familiar with how they work.  I have noticed in Google authenticator web browser add-on you can export/import or backup your files.  I export the file in order to read the Keys.   And to keep in a safe place

Edited by Walter S
  • Like 1
  • Thanks 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.