Secure

[ghost]

Is it secure to transfer data with this plugin?

[ghost]

@ATechAdventurer Do you know sth. about this topic?

[phybros]

Hi @kial1 no it's not.

As per https://github.com/phybros/servertap/blob/master/README.md

This plugin is under development and is not ready for real usage yet.

[ghost]

Will you implement https support?

[phybros]

Not for a while. My first instinct is that you should run this behind a reverse proxy such as nginx, apache2 or haproxy and have that do the TLS termination for you.

[ghost]

Is it secure when only one ip adress can access the port?

[phybros]

If you have a firewall in front of servertap that is capable of whitelisting IPs, that could work. I wouldn't rely on IP whitelisting in the long-term though.

[ghost]

I wouldn't rely on IP whitelisting in the long-term though.

I want to keep the api private, why do you think so?

[phybros]

IP Whitelisting is good if you want to keep it private, but the traffic is still unencrypted and there is no Authentication (see #6). These are 3 separate topics

[ghost]

I am using cloudflare but when I change the port from servertap to a https port it doesn't work (i know that it isn't supported now). But isn't it really important for the plugin to have ssl btw. https?