Because main feature of Osmedeus is allow execute command on your system so make sure you secure it. If you run default config Osmedeus only can access via your localhost.
# SECURITY WARNING: don't run with debug turned on in production! DEBUG = True
You can also achieve remote access in safe method using SSH.
ssh -L 8000:localhost:8000 root@your_remote_server
make sure you’re enable
GatewayPorts yes in your
/etc/ssh/sshd_config on remote server.
Use same SECRET_KEY on the github repo gonna let someone create valid token and login to your server.
# See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/ # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = 'your_key_here'
If you running Osmedeus server on remote make sure you have SSL setup otherwise you gonna lose your JWT in untrusted network and can defenily lead to a Remote Code Execution on your server.
Read this great article for setup.