[GWT10]

Hello,

I got a error message in JDownloader saying the plug-in was no longer valid with an error ID.

I also got the following email:

Quote:

Due to some security issues, the JDownloader app is currently incompatible with FileFactory. We do not know if we will enable access to this app again in the future.

What are the issues?

JDownloader is an open-source app, and its source code is available for anyone to view

JDownloader is not able to effectively obscure our login API key, so third parties or bots can abuse our API

JDownloader allows free users to bypass our website and create automated downloads which leech our bandwidth, creating a heavy load on our systems and slowing down speeds for our valued Premium users

In the meantime, try Internet Download Manager if you're looking for a great download manager.

The main reason I don't use Internet Download Manager (IDM) is because it doesn't decrypt files and lacks a built-in password manager. And I'm not going to pay for something that doesn't do that.

Is there some kind of beef FileFactory has with JDownloader? I've been using this plug-in with JDownloader for the last 10 years with few problems. Now all of a sudden, there's problems.

~

PS: I also notice I haven't had any plug-in updates for any of my other filelockers for the last couple of months. Is that unusual?

[pspzockerscene]

Hi,
we've already reacted to this in this german thread.
To sum it up:
There are no security issues regarding JDownloader.

The problem FF has is that their API is currently relying on a different API key per application.
Especially for open source clientside software like JDownloader, it is impossible to store such information secretly and it seems like their API got misused by other tools using that "JDownloader key".

We have told FF what should be done to properly secure their API but instead of doing so, we are where we are now.

Our FF plugin should still/again be working fine.

[pspzockerscene]

Quote:

Originally Posted by GWT10

Is there some kind of beef FileFactory has with JDownloader? I've been using this plug-in with JDownloader for the last 10 years with few problems. Now all of a sudden, there's problems.

I wouldn't call it beef but appearently they haven't found a solution for their API design issue yet which is why our plugin is now relying on their website instead of their API.
Them putting out an article about security issues regarding JDownloader is quite confusion and is definitely not the right wording.
If that was true, then every open source software would have that same "security issue".

As explained it is impossible for a clientside used application to securely store such API-keys which is why other measures need to be done serverside. This can only be done by Filefactory.

If you got issues with your FF account, try to delete- and re-add it to JDownloader.

[GWT10]

@pspzockerscene, thanks for your responses.

My account over there is suspended for reasons unknown. The only thing I can think of is Andy insists I don't use JDownloader, since that was the only complaint I had gotten from him so far.

[Jiaz]

Quote:

Originally Posted by GWT10

My account over there is suspended for reasons unknown.

Contact their support. I've never heard of anyones account getting suspended just because they prefer to use JDownloader. Doesn't make any sense at all