Show HN: Jelly – SSH Social Hangout

3 points | by jellyshelly 20 hours ago

2 comments

  • jellyshelly 17 hours ago

    for further clarification: the jelly binary is the SSH server. connecting lands you in a Go TUI app, not a shell. there's no filesystem access, no command execution, users are fully sandboxed inside the app. it's built on charmbracelet/wish if you want to look at how that works.

    • ragebot 18 hours ago

      security nightmare

      • jellyshelly 17 hours ago

        happy to address specific concerns if you have them. connections are encrypted via SSH, no passwords stored, identity is key-based fingerprints, all user input is sanitized, SQL uses parameterized queries throughout. what specifically are you worried about?

        • normalaccess 14 hours ago

          Yes, but a fun security nightmare!

          • jellyshelly 12 hours ago

            Very fun :)

            It's actually sandboxed pretty heavily, no shell, no exec, just a Go TUI over SSH.

            Would love to hear what attack surface you're thinking about. Always trying to tighten this up and make it as secure as possible!
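An added example, not part of the thread and not Jelly's code: one way an SSH app can derive the "key-based fingerprint" identity mentioned in the comments, using the OpenSSH-style SHA256 fingerprint of the public key blob. The function names and the sample key are constructed for illustration, and how Jelly itself computes identities is not shown on this page.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// wireString encodes an SSH "string": 4-byte big-endian length, then the bytes.
func wireString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// sampleKeyLine builds a constructed ssh-ed25519 public key line (not a real user's key).
func sampleKeyLine(comment string) string {
	blob := append(wireString([]byte("ssh-ed25519")), wireString(bytes.Repeat([]byte{0x42}, 32))...)
	return "ssh-ed25519 " + base64.StdEncoding.EncodeToString(blob) + " " + comment
}

// Fingerprint returns the OpenSSH-style SHA256 fingerprint of a public key line.
// Only the key blob is hashed, so the free-text comment field never affects identity.
func Fingerprint(line string) (string, error) {
	f := strings.Fields(line)
	if len(f) < 2 {
		return "", errors.New("expected: <type> <base64-blob> [comment]")
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil {
		return "", fmt.Errorf("bad base64: %w", err)
	}
	// The blob embeds its own algorithm name; it must match the declared type.
	if !bytes.HasPrefix(blob, wireString([]byte(f[0]))) {
		return "", errors.New("declared key type does not match blob")
	}
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:]), nil
}

func main() { fmt.Println(Fingerprint(sampleKeyLine("alice@laptop"))) }
```

A fingerprint identifies a key, not a person: anyone holding the private key gets the same identity, and a user who rotates keys appears as a new one.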