(blogs.cisco.com)

166 points rldjbpin | 1 comments | 03 Sep 25 08:18 UTC | HN request time: 0.21s | source

Show context

ekianjo ◴[03 Sep 25 10:02 UTC] No.45114004[source]▶

>>45113418 (OP) #

Ollama has no auth mechanism by default... You have to wonder why they never focused on that

replies(6): >>45114024 #>>45114056 #>>45114140 #>>45114531 #>>45115062 #>>45116572 #

47282847 ◴[03 Sep 25 10:25 UTC] No.45114140[source]▶

>>45114004 #

Separation of concerns?

If you deploy a power plug outside your house, is it the fault of the power plug designer if people steal your power?

Put it behind a webserver with basic auth or whatever you fancy, done.

replies(1): >>45114194 #

ekianjo ◴[03 Sep 25 10:36 UTC] No.45114194[source]▶

>>45114140 #

Bad analogies are bad analogies. ollama is a server system, it should expect to connect with more than one client and they know very well by now that this also means networked clients. If you create a server client protocol, implementing security is your job.

replies(5): >>45114234 #>>45114298 #>>45116601 #>>45116716 #>>45117190 #

1. phito ◴[03 Sep 25 10:42 UTC] No.45114234[source]▶

>>45114194 #

Any decent router is going to block connections from internet to your local network by default. For ollama to be accessible from the outside, they had to allow it explicitly. There's no way to blame ollama for this.

↑

Finding thousands of exposed Ollama instances using Shodan