Readme Security issue notice

Alexander Pankratov 2020-01-13 02:02:29 +03:00
parent 39a269b207
commit 8a74979cd7

@ -92,6 +92,14 @@ Fast, simple, async php telegram api server:
* sendMessage: `http://127.0.0.1:9503/api/sendMessage/?data[peer]=@xtrime&data[message]=Hello!`
* copy message from one channel to other (not repost): `http://127.0.0.1:9503/api/copyMessages/?data[from_peer]=@xtrime&data[to_peer]=@xtrime&data[id][0]=1`
**INPORTANT SECURITY NOTICE!**
Do not use `SERVER_ADDRESS=0.0.0.0` in version 1.5.0+, because websocket EventHandler endpoint currently not use `IP_WHITELIST` option.
This means, anyone from internet can listen your updates via websocket in this mode.
Use only default setting: `SERVER_ADDRESS=127.0.0.1`, or protect your app with external firewall.
This security issue will be fixed in one of next releases in January 2020.
**Contacts**
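Review bot: the heading on the first added line is misspelled, "**INPORTANT SECURITY NOTICE!**" should read "**IMPORTANT SECURITY NOTICE!**", and since this is the line users scan for, it is worth fixing before merge. In the next line, "websocket EventHandler endpoint currently not use `IP_WHITELIST` option" reads better as "the websocket EventHandler endpoint does not currently honor the `IP_WHITELIST` option". The closing line, "will be fixed in one of next releases in January 2020", will go stale: consider stating the affected range explicitly once a fixed version exists (the notice only says "1.5.0+") and dropping the date. The firewall advice would also be more actionable if it named the listening port, which the examples above show as 9503.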