Please do not use --share flag alone

[ClashSAN]

Hello there!
When you are using the --share flag, your ui is exposed to the internet. During your prompting session through the internet, other people could find your session's unique XXXXX.gradio.app value, and start generating random things.

Now, there's a recently reported code exploit that could be a danger. If the attacker has access to the ui, they may be able to run a python script remotely.

If you are going to run your local machine online through gradio, set a username and password like so:

--share --gradio-auth username:password

[ghost]

I had a stranger once intrude into my UI and use my GPU for over an hour. he rendered pictures of completely shat over sinks and bathrooms. I saw what he did and quickly deleted the carnage, but not without a hearthy laugh. Yea, exposing your gradio without password is a silly idea

[cgessai]

Alternatively, if the use case is simply a user wanting to be able to access their SD from anywhere on earth, setting up a VPN host and simply using the --listen flag will 'get the job done'.

I didn't even realize that Windows 7 and up has it's own VPN hosting software built in. Took an old laptop, turned it into my VPN host, set port forwarding on my comcast router to point to that machine, and use a free account on noip.com to have a domain name that always points to whatever my external IP address happens to be.

Because the VPN allows me to get to my local network, I use Solid Explorer app on my Android phone to check the Samba share on my SD machine. Sometimes Chrome on Android doesn't deal well with the Gradio interface if I switch tabs to put the phone to sleep so after I start the render(s), I just peek in the Samba share to see how progress is going. Unlike all of the above, Sold Explorer by NeatBytes is not free and I can't attest to anything about it other than I use it.