is there one out there? wanted to get a utorrent skin, so searched around. found one i liked, but then this poster on DA made a good point:
As of µTorrent 2.0, released on 01/25/2010, webui.token_auth is enabled by default. WebUI application developers were warned about this back in May 2009. PLEASE BE AWARE that disabling the token authentication system opens your system up to potential cross-site scripting hacks. Cross-site scripting carried out on websites were roughly 80% of all security vulnerabilities documented by Symantec as of 2007.
i know we are never COMPLETELY secure when we are connected to the internet, but this seems like kind of a no-brainer when it comes to network security.
does anyone know of or has or is working on a uTorrent skin that still lets Utorrent have webUI token authentication enabled?
anonymous-kun wrote:is there one out there? wanted to get a utorrent skin, so searched around. found one i liked, but then this poster on DA made a good point:
i know we are never COMPLETELY secure when we are connected to the internet, but this seems like kind of a no-brainer when it comes to network security.
does anyone know of or has or is working on a uTorrent skin that still lets Utorrent have webUI token authentication enabled?
thanks : )
This is not an issue if you are using a skin on your own computer to monitor uTorrent activity on "localhost" (127.0.0.1), using "WebUI", but only something you need to worry about if you are exposing your uTorrent to the internet via "Web Remote Access".
There are no skins today doing authentication, nor are there likely to be, unless someone writes some kind of auth plugin, AND WebParser is significantly changed to use cookies/certificates. (not sure if uTorrent is using the somewhat standard OAuth, like Twitter is, but the same is does / will apply)
