qBittorrent API is accessible regardless of username/password. Huge security concern.

This page summarizes the projects mentioned and recommended in the original post on /r/qBittorrent
reverse-proxy Security HacktoberFest Server Applications File Sharing and Synchronization

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • authentik

    The authentication glue you need.

    • However, this app is able to authenticate and control qBit regardless of the webui username and password supplied; all it needs is the URL (qbittorrent.example.com) and it has full access. This is a huge security concern as this is a public facing service, and anyone with this url would be able to interact with my qBit instance, regardless of the fact that I'm protecting it with an authentication system.

  • Caddy

    Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS

    • I have a reverse proxy that points to the qBittorrent webui via a subdomain (qbittorrent.example.com, handled by a webserver not qBit). I'm using an app that takes this URL plus the webui credentials to interact with the qBittorrent API, so I can manage my torrents and media library all via this single app (nzb360).

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • qBittorrent

    qBittorrent BitTorrent client

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts