Accessing Web Interface from another pc
Derek Moss
dmgi at stoptheviolence.co.uk
Fri Dec 6 13:28:48 EST 2013
On 6 December 2013 14:20, Jon Davies <jon at hedgerows.org.uk> wrote:
> On 6 December 2013 11:59, Lorenzo Martinelli * <lnzlists at googlemail.com> wrote:
>> If I change LISTEN=0.0.0.0 then I can display the Web Interface from any
>> other PC on the same network by entering the address of the computer running
>> get_iplayer?
> that's right. But actually, it's not just the same network - it's any
> network that can connect to your computer running the web pvr.
>
>> What are the security implications?
> the web interface hasn't been designed to be secure - anyone who can
> access that interface can do pretty much anything. In particular the
> "command" option in get_iplayer, which is so useful, opens up the
> possibility of unauthenticated users (that is, anybody) doing pretty
> much anything to your computer. That's /very/ insecure.
>
>
>> What if I change LISTEN to the IP address of the computer I want to display
>> the web interface from?
> That wouldn't work - the listen address is about what IP address the
> web pvr binds itself to on the computer it's running on (let's call
> that the server). 127.0.0.1 is the default - this is the local
> loopback interface which is accessible only from the same machine;
> 0.0.0.0 tells it to bind to every available address on the server -
> the web pvr is then accessible from any client machine that can
> connect to any of the addresses on the server.
>
> if you want to limit access to web_pvr then you will need to install
> and configure a firewall on your web pvr computer.
>
>> Would that make it safer?
> I suppose less insecure, but I still wouldn't describe it as secure.
>
> regards
> Jon
Perhaps a better idea would be to setup an OpenVPN server (on the PC
or a Raspberry Pi) and then connect to that securely, which will then
give you access to the PC running Get_Iplayer and you could RDP into
that from your remote PC using the LAN address, so no need to expose
GI or RDP to the WAN through your firewall.
I don't know if you could bind GI to the LAN IP instead of 127.0.0.1
but if so then you should be able to access the Web PVR using the LAN
IP once connected to the OpenVPN server, as an alternative to using
RDP (which might not be possible depending on what sort of computer
you're using remotely but even Android has an RDP client nowadays).
Regards
Derek
More information about the get_iplayer
mailing list