Web Installer Authenticator
Make sure you win the race
I was recently testing out various software on my Lightsail server, and I am disappointed by the poor security of web installers. A lot of them treat the first user to connect as the administrator, which is unfortunately not guaranteed to be you.
Web Installer Authenticator will crate a cryptographically secure random key to make sure the person typing into the terminal is the same person connecting to the web installer.
You need the latest version of Node.js.
sudo npm install --global web-installer-authenticator
Usage: wiauth domain target domain - domain of this proxy server target - address to web installer a port, a domain, or both domain defaults to localhost Make sure to secure your installer with firewall
It is up to you to secure your installer with a firewall!
A TLS certificate is highly recommended, you can get free ones from Let's Encrypt.
Simply open an issue on GitHub.
If you are reporting a vulnerability or otherwise wish to communicate privately, you can open a confidential issue on GitLab.