IPFS bind the API on localhost:5001 that mean this API is only accessible on the same machine running the IPFS deamon.
You can change the API field in ~/.ipfs/config but publicly exposing your API is not recomended and have security issues.
If you authenticate with bearer headers for example, that not public.
That a really smart way to do it too, I think it’s better if you want a long term solution. However ssh tunneling is more low efforts and take seconds to get running.
I wouldn’t say you automatically get hack by letting anyone use it, the other way to say it would be anyone who can use it can hack your server, that’s none sense, you know what hackers do too, they steal your headers in applications or your ssh key in memory, just accept it being a public api like ipfs.io.
people can’t hack your server just like that, plus ipfs isn’t your regular php backend that you can cut yourself with it, they can use your resource though if they have access to it.
In applications you do want to use a local ipfs node or one that’s embedded in the application itself.
You’ve got a point there. Though it’s strange, ipfs-go should mark files as non executable when it writes any data to the local file system as a safety prevention. But I trust they must’ve done something like that already, and if they haven’t done that, ipfs doesn’t store any files as a whole either but segments of the object in its repository folder so no way it’s going to get executed just like that ! The chances are too weak for that !
Until I see a binary file getting executed just by exposing ipfs’s API, I won’t believe that for one sec. It’s the developer’s job to make sure the api can be used safely we’re the one who’re supposed to protect people for harming themselves with what we’ve made. I know the people who’s building ipfs, they’re all great people I’ve watched many of their videos on youtube when they are talking about ipfs on some sorts of conventions, there’s nothing to be worried about !
marking files non executable doesn’t protect you, you can clobber shared object that gets loaded such as libs, or bash scripts that get run often bash script.sh or python script.py execute files that doesn’t have the executable bits sets perfectly fine (in all of thoses cases that just because it’s reading the file and interpreting it, executable bit only protect you against direct execution)
