Item id: 47504813
16 hours ago
for further clarification: the jelly binary is the SSH server. connecting lands you in a Go TUI app, not a shell. there's no filesystem access, no command execution, users are fully sandboxed inside the app. it's built on charmbracelet/wish if you want to look at how that works.
17 hours ago
security nightmre
16 hours ago
happy to address specific concerns if you have them. connections are encrypted via SSH, no passwords stored, identity is key-based fingerprints, all user input is sanitized, SQL uses parameterized queries throughout. what specifically are you worried about?
13 hours ago
Yes, but a fun security nightmare!
11 hours ago
Very fun :)
It's actually sandboxed pretty heavily, no shell, no exec, just a Go TUI over SSH.
Would love to hear what attack surface you're thinking about. Always trying to tighten this up and make it as secure as possible!