https://gitlab.synchro.net/main/sbbs/-/commit/22c72fd3c7505f04936a43d7
Modified Files:
src/syncterm/bbslist.c syncterm.c syncterm.h
Log Message:
Allow the system list path to be an
http:// or
https:// URL
As per feature request 86, now you can put an encrypted BBS list
on the web somewhere and use it from anywhere.
I expect how this would normally be used is that your "main" system
would have a static IP and a web server on it, and you would set the
BBS list path there to be somewhere in your web root, and encrypt
your SyncTERM list with a hard to guess and unique password.
Then, on other systems, you would just point it there.
This does allow someone to do an offline attack against your list
password and if they crack it, they'll get all your passwords from
when they downloaded your list, so not exactly perfect security, but considerably better than nothing... and if we end up needing post-
quantum cryptography you'll need to rotate all of your passwords.
Another alternative of course is to use SSH public key auth and not
store passwords in the file at all, but you'll still want to store
them somewhere...
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net