Client-server communication is insecure #22
Description
The server will happily execute arbitrary commands sent by the client. Just type in rm -rf foo and it will be ran.
There is some 'mitigration' in that the Websocket server will only accept connections from the same IP address. However, it is impossible to safely expose fabmodules over a network, which is one of the major benefits of a web-based system.
Proposed is to only execute a known subset of commands (enforced by server), not arbitrary stuff.