Security Guide

Slink supports user authentication and user approval to prevent unauthorized access to the application. However, it’s recommended to use a reverse proxy like Nginx or Traefik to add additional security features like SSL, rate limiting, etc.

Important

Be aware that as of now, the application does not have any built-in rate limiting or brute force protection.

Tip

If you don’t want to expose the entire application to the public, you can only expose the /image route via the reverse proxy. Note that images served via this route are still gated by their share’s access rules (published state, password, expiration), not URL obscurity alone.

Share Access Control

Slink uses a privacy-first share model: every share is private by default and only reachable by whoever holds its link. There is no global “public by URL” mode. Access is granted per share, with publication, password, and expiration controls.

See Per-Share Controls for managing them.

Non-Root Container User

By default, the application runs as the root user inside the container. However, it’s recommended to run the application as a non-root user for security reasons.