You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
(Thank you for writing/maintaining this script. This is not an issue, just an FYI / feature suggestion. Feel free to close or ignore it.)
Assuming that the script is running from a privileged account on the NAS itself, you might be interested to know that it's possible to access the websocket API over a local Unix domain socket (/var/run/middleware/middlewared.sock) without the need for any configured credentials (API key etc.) that might leak to be used remotely. I've written a proof-of-concept script that does this. Unfortunately I'm not aware of an HTTP-equivalent counterpart, so it would be a pretty substantial change to your code.
The text was updated successfully, but these errors were encountered:
(Thank you for writing/maintaining this script. This is not an issue, just an FYI / feature suggestion. Feel free to close or ignore it.)
Assuming that the script is running from a privileged account on the NAS itself, you might be interested to know that it's possible to access the websocket API over a local Unix domain socket (
/var/run/middleware/middlewared.sock) without the need for any configured credentials (API key etc.) that might leak to be used remotely. I've written a proof-of-concept script that does this. Unfortunately I'm not aware of an HTTP-equivalent counterpart, so it would be a pretty substantial change to your code.The text was updated successfully, but these errors were encountered: