JDownloader Community - Appwork GmbH
 

Reply
 
Thread Tools Display Modes
  #1  
Old 17.11.2022, 16:07
GWT10 GWT10 is offline
Zetta Loader
 
Join Date: Feb 2011
Posts: 190
Default FileFactory.com claims JDownloader security issues

Hello,

I got a error message in JDownloader saying the plug-in was no longer valid with an error ID.

I also got the following email:

Quote:
Due to some security issues, the JDownloader app is currently incompatible with FileFactory. We do not know if we will enable access to this app again in the future.

What are the issues?

JDownloader is an open-source app, and its source code is available for anyone to view

JDownloader is not able to effectively obscure our login API key, so third parties or bots can abuse our API

JDownloader allows free users to bypass our website and create automated downloads which leech our bandwidth, creating a heavy load on our systems and slowing down speeds for our valued Premium users

In the meantime, try Internet Download Manager if you're looking for a great download manager.
The main reason I don't use Internet Download Manager (IDM) is because it doesn't decrypt files and lacks a built-in password manager. And I'm not going to pay for something that doesn't do that.

Is there some kind of beef FileFactory has with JDownloader? I've been using this plug-in with JDownloader for the last 10 years with few problems. Now all of a sudden, there's problems.

~

PS: I also notice I haven't had any plug-in updates for any of my other filelockers for the last couple of months. Is that unusual?

Last edited by GWT10; 17.11.2022 at 16:11.
Reply With Quote
  #2  
Old 17.11.2022, 16:11
pspzockerscene's Avatar
pspzockerscene pspzockerscene is offline
Community Manager
 
Join Date: Mar 2009
Location: Deutschland
Posts: 64,713
Default

Hi,
we've already reacted to this in this german thread.
To sum it up:
There are no security issues regarding JDownloader.

The problem FF has is that their API is currently relying on a different API key per application.
Especially for open source clientside software like JDownloader, it is impossible to store such information secretly and it seems like their API got misused by other tools using that "JDownloader key".

We have told FF what should be done to properly secure their API but instead of doing so, we are where we are now.

Our FF plugin should still/again be working fine.
__________________
JD Supporter, Plugin Dev. & Community Manager
JDownloader 2 Setup Download
Spoiler:

A users' JD crashes and the first thing to ask is:
Quote:
Originally Posted by Jiaz View Post
Do you have Nero installed?
That's true James
Quote:
Originally Posted by James
Die Leute verstehen einfach nicht dass nur weil man mit einer Waffe auch auf Menschen schießen kann dass ein Schützenver​ein kein Ort für Amoklaufide​en ist
Reply With Quote
  #3  
Old 17.11.2022, 16:15
pspzockerscene's Avatar
pspzockerscene pspzockerscene is offline
Community Manager
 
Join Date: Mar 2009
Location: Deutschland
Posts: 64,713
Default

Quote:
Originally Posted by GWT10 View Post
Is there some kind of beef FileFactory has with JDownloader? I've been using this plug-in with JDownloader for the last 10 years with few problems. Now all of a sudden, there's problems.
I wouldn't call it beef but appearently they haven't found a solution for their API design issue yet which is why our plugin is now relying on their website instead of their API.
Them putting out an article about security issues regarding JDownloader is quite confusion and is definitely not the right wording.
If that was true, then every open source software would have that same "security issue".

As explained it is impossible for a clientside used application to securely store such API-keys which is why other measures need to be done serverside. This can only be done by Filefactory.

If you got issues with your FF account, try to delete- and re-add it to JDownloader.
__________________
JD Supporter, Plugin Dev. & Community Manager
JDownloader 2 Setup Download
Spoiler:

A users' JD crashes and the first thing to ask is:
Quote:
Originally Posted by Jiaz View Post
Do you have Nero installed?
That's true James
Quote:
Originally Posted by James
Die Leute verstehen einfach nicht dass nur weil man mit einer Waffe auch auf Menschen schießen kann dass ein Schützenver​ein kein Ort für Amoklaufide​en ist

Last edited by pspzockerscene; 17.11.2022 at 16:16. Reason: Added more information
Reply With Quote
  #4  
Old 17.11.2022, 21:08
GWT10 GWT10 is offline
Zetta Loader
 
Join Date: Feb 2011
Posts: 190
Default

@pspzockerscene, thanks for your responses.

My account over there is suspended for reasons unknown. The only thing I can think of is Andy insists I don't use JDownloader, since that was the only complaint I had gotten from him so far.
Reply With Quote
  #5  
Old 18.11.2022, 10:46
Jiaz's Avatar
Jiaz Jiaz is offline
JD Manager
 
Join Date: Mar 2009
Location: Germany
Posts: 79,044
Default

Quote:
Originally Posted by GWT10 View Post
My account over there is suspended for reasons unknown.
Contact their support. I've never heard of anyones account getting suspended just because they prefer to use JDownloader. Doesn't make any sense at all
__________________
JD-Dev & Server-Admin
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 13:41.
Provided By AppWork GmbH | Privacy | Imprint
Parts of the Design are used from Kirsch designed by Andrew & Austin
Powered by vBulletin® Version 3.8.10 Beta 1
Copyright ©2000 - 2023, Jelsoft Enterprises Ltd.