Disable GUI Authentication User&Password Popup


#1

Is it possible to disable the GUI Authentication User&Password Popup? I use LastPass, but it doesn't autofill passwords into popups.

A bit annoying to copy paste the password every time when accessing Syncthing. A regular login page would be convenient…


(Audrius Butkevicius) #2

It’s not advisable, but you can hardcode the username and password into the URL and bookmark that. I think we have a ticket for implementing a proper login page, yet nobody cares enough about this to implement it. If your Syncthing is listening on localhost only, and you are the only one using the machine, you can probably disable authentication altogether.


(uok) #3

see https://github.com/syncthing/syncthing/issues/4137


#4

No issue here with the native Firefox password manager. Maybe I'm missing something.


(Jakob Borg) #5

Probably works fine with the browser built-in password managers, but for example 1Password doesn’t like our current system. I’d be happy to see it become a real login page instead.


#6

I’m not such a huge fan of not setting passwords for convenience reasons.

Who knows, Syncthing is also vulnerable to this kind of DNS rebinding attack etc.: https://arstechnica.com/information-technology/2018/01/bittorrent-users-beware-flaw-lets-hackers-control-your-computer/?comments=1


(Jakob Borg) #7

We prevented that particular vulnerability a while back.


(Ben Curthoys) #8

Also see also:


#9

How do I hardcode the username & password in the URL? I tried:


(Audrius Butkevicius) #10

First one should work, unless your browser actually prevents it from working.


#11

I had to URL-encode my password too, whoops. Now it works fine.
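
The encoding problem from post #11, as an added example that is not part of the thread: it shows how a URL parser splits an unencoded password at `@`, `/` and `#`, and how percent-encoding keeps the credentials inside the userinfo part. The address, port, username and password are constructed sample values, and the function names are hypothetical.

```javascript
// Constructed sample values: a loopback GUI address and a password that
// contains URL delimiter characters. None of these come from the thread.
const SAMPLE_BASE = "http://127.0.0.1:8384/";
const SAMPLE_USER = "admin";
const SAMPLE_PASS = "p@ss/w#rd:1";

// Naive form: credentials pasted into the URL unchanged.
function naiveCredentialUrl(base, user, pass) {
  const u = new URL(base);
  return `${u.protocol}//${user}:${pass}@${u.host}${u.pathname}`;
}

// Encoded form: encodeURIComponent escapes ":", "@", "/", "?", "#" and "%",
// so the userinfo part cannot be mistaken for host, path or fragment.
function encodedCredentialUrl(base, user, pass) {
  const u = new URL(base);
  const userinfo = `${encodeURIComponent(user)}:${encodeURIComponent(pass)}`;
  return `${u.protocol}//${userinfo}@${u.host}${u.pathname}`;
}

// Parse a URL with the WHATWG parser (the one browsers use) and report
// where each piece ended up.
function inspectUrl(urlString) {
  const u = new URL(urlString);
  return {
    host: u.host,
    username: decodeURIComponent(u.username),
    password: decodeURIComponent(u.password),
    pathname: u.pathname,
    hash: u.hash,
  };
}

// True only if the URL still points at the intended host and the
// credentials survive the round trip unchanged.
function roundTrips(urlString, base, user, pass) {
  try {
    const got = inspectUrl(urlString);
    return got.host === new URL(base).host &&
      got.username === user && got.password === pass;
  } catch (e) {
    return false; // unparsable URL or malformed percent sequence
  }
}

console.log(inspectUrl(naiveCredentialUrl(SAMPLE_BASE, SAMPLE_USER, SAMPLE_PASS)));
console.log(inspectUrl(encodedCredentialUrl(SAMPLE_BASE, SAMPLE_USER, SAMPLE_PASS)));
```

With the naive URL the parser treats `ss` as the host and sends only `p` as the password, so the request never reaches the intended address.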