Is there an existing issue for this?
What happened?
Unauthenticated shutdown endpoints can be triggered locally and cause immediate denial of service.
Both backend and sync microservice expose POST /shutdown without authentication, token validation, or trusted-caller checks. Any local process that can send HTTP requests to localhost can terminate one or both services.
Reproduction:
- Start PictoPy normally.
- Send POST request to backend shutdown endpoint on port 52123.
- Send POST request to sync microservice shutdown endpoint on port 52124.
- Observe service process exit.
Expected behavior:
- Only trusted internal app logic should be able to shut down services.
Actual behavior:
- Any unauthenticated local caller can invoke shutdown and terminate processes.
Impact:
- High local DoS risk. Active indexing/sync operations can be interrupted and app reliability is degraded.
Suggested fix:
- Require authenticated shutdown secret or signed IPC command.
- Restrict shutdown actions to trusted caller context.
- Disable or harden HTTP shutdown routes in production builds.
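As an added illustration of the first two suggestions (example code, not PictoPy's own), the unprotected route logic is shown beside a hardened variant that only honours a shutdown request carrying a per-launch secret the parent app passes to the child process; the `Request` shape, the `X-Shutdown-Token` header name and the `PICTOPY_SHUTDOWN_TOKEN` environment variable are assumptions for this sketch.

```python
import hmac
import os
import secrets
from dataclasses import dataclass, field

# Hypothetical minimal view of an HTTP request arriving on localhost.
@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)

def shutdown_unprotected(req: Request) -> bool:
    """Mirrors the reported behaviour: any local POST /shutdown stops the service."""
    return req.method == "POST" and req.path == "/shutdown"

def generate_secret() -> str:
    """Called once by the launcher; the value is handed to the child process only."""
    return secrets.token_urlsafe(32)

class ShutdownGuard:
    """Hardened variant (assumption): the service reads the per-launch secret from its
    environment and refuses shutdown unless the caller presents the same value.
    The comparison is constant-time so an attacker cannot learn the secret byte by byte."""
    HEADER = "X-Shutdown-Token"  # hypothetical header name

    def __init__(self, secret: str):
        if not secret:
            raise ValueError("shutdown secret must be non-empty")
        self.secret = secret

    @classmethod
    def from_env(cls) -> "ShutdownGuard":
        # PICTOPY_SHUTDOWN_TOKEN is a placeholder variable name for this example.
        return cls(os.environ.get("PICTOPY_SHUTDOWN_TOKEN", ""))

    def authorize(self, req: Request) -> bool:
        """True only for POST /shutdown carrying the correct token; everything else is refused."""
        if req.method != "POST" or req.path != "/shutdown":
            return False
        presented = req.headers.get(self.HEADER, "")
        return hmac.compare_digest(presented.encode(), self.secret.encode())

# Constructed sample traffic: one bare local call, one call from the trusted launcher.
bare_call = Request("POST", "/shutdown")
trusted_call = Request("POST", "/shutdown", {ShutdownGuard.HEADER: "constructed-secret"})
```

With the guard in place the bare call that currently terminates the process is rejected, while the launcher's call still succeeds.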