Help → How secure is POPfile?

How secure is POPfile?

Virtual Private Servers (VPSs) are getting incredibly cheap so that you can host your popfile installation in the cloud for almost nothing (I'm paying 1 EUR per month for my 1GB VPS). But my question is: how secure is popfile when it is not in stealth mode, i.e. when its html port is exposed to the world?

I see two security threats: one is that POPfile does not support HTTPS, which means that the communication between your browser and your popfile instance in the cloud is not encrypted. That, however, can be solved by putting a reverse proxy in front of your popfile instance which would then take care of the SSL encryption and passing on the traffic to popfile.

The more serious threat is that exposing a port to the world always includes risks and how big these are depends on the software that is accepting the incoming traffic on that port. It would therefore be really good to know how vulnerable popfile's webserver actually is, given that its code is comparatively ancient.