Re: Extend FileBot or FileBot-Node into full API
Posted: 01 Aug 2019, 11:51
Solution 2 is certainly feasible, it's also fairly insecure.
Containers usually (e.g. docker does it by default), run as root on the host machine and provide a root user inside the container.
Breaking these boundaries is one of the major points of attack and allowing code execution within a container (possibly on a machine exposed to the web), is subject to vulnerabilities.
I'm currently using option 1, but it's unfortunately not as smooth as I'd like.
The most comprehensive solution would probably be to have a FileBot daemon with an API that can accept commands sent by filebot CLI. This would be a big change, the only example that comes to mind is FlexGet, which now provides both a cron-based script to including a daemon (as far as I remember since v2).
I would however point out that despite the usefulness of docker for home users, the intended use is probably enterprise with much larger and distributed infrastructure.
Containers usually (e.g. docker does it by default), run as root on the host machine and provide a root user inside the container.
Breaking these boundaries is one of the major points of attack and allowing code execution within a container (possibly on a machine exposed to the web), is subject to vulnerabilities.
I'm currently using option 1, but it's unfortunately not as smooth as I'd like.
The most comprehensive solution would probably be to have a FileBot daemon with an API that can accept commands sent by filebot CLI. This would be a big change, the only example that comes to mind is FlexGet, which now provides both a cron-based script to including a daemon (as far as I remember since v2).
I would however point out that despite the usefulness of docker for home users, the intended use is probably enterprise with much larger and distributed infrastructure.