Accessing Web Interface from another pc
Jon Davies
jon at hedgerows.org.uk
Fri Dec 6 09:20:55 EST 2013
On 6 December 2013 11:59, Lorenzo Martinelli * <lnzlists at googlemail.com> wrote:
> If I change LISTEN=0.0.0.0 then I can display the Web Interface from any
> other PC on the same network by entering the address of the computer running
> get_iplayer?
that's right. But actually, it's not just the same network - it's any
network that can connect to your computer running the web pvr.
> What are the security implications?
the web interface hasn't been designed to be secure - anyone who can
access that interface can do pretty much anything. In particular the
"command" option in get_iplayer, which is so useful, opens up the
possibility of unauthenticated users (that is, anybody) doing pretty
much anything to your computer. That's /very/ insecure.
> What if I change LISTEN to the IP address of the computer I want to display
> the web interface from?
That wouldn't work - the listen address is about what IP address the
web pvr binds itself to on the computer it's running on (let's call
that the server). 127.0.0.1 is the default - this is the local
loopback interface which is accessible only from the same machine;
0.0.0.0 tells it to bind to every available address on the server -
the web pvr is then accessible from any client machine that can
connect to any of the addresses on the server.
if you want to limit access to web_pvr then you will need to install
and configure a firewall on your web pvr computer.
> Would that make it safer?
I suppose less insecure, but I still wouldn't describe it as secure.
regards
Jon
More information about the get_iplayer
mailing list