Is there a security vulnerability for the Rclone API?

I've posted on the forum several times. Using rclone, I will backup very important, even vital data to GDrive. Doing this requires statistics.

You stated that I can get it with the

rclone copy local/path remote_name: -P --rc --rc-no-auth

code in the topics I opened before.

Although it has some shortcomings for my needs, it works.

My concern is can someone access these files without my permission? Please do not get it wrong. I really don't know enough about API logic. I would be very happy if you inform me.


If there is something I need to do for security, can you tell me?

By using the --rc-no-auth flag you're allowing anyone on the same machine who can reach port localhost:5572 access to the API.

If you want to lock it down you can require username/password or TLS client certs to authenticate. See Remote Control / API for details.

Why not encrypting using crypt backend?

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.