INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Single login on the DLNA server  (Read 6560 times)

8139david

  • Galactic Citizen
  • ****
  • Posts: 345
Single login on the DLNA server
« on: January 27, 2015, 09:26:25 pm »

Using MC, I've set up a DLNA server, accessible on the net.
There is a login and pass.
However, once those are filled by someone (eg my friend Mary on her computer), then there is no need anymore to fill them in.
Anyone can access the network if s/he has the proper internet address & port number (http://xxxxxxx:yy).
That's not secure at all.
Is there a way to change that?
Either now, or in a future version of the program?
Thanks in advance
Logged

8139david

  • Galactic Citizen
  • ****
  • Posts: 345
Re: A single login on the DLNA server is not secure
« Reply #1 on: January 27, 2015, 11:02:24 pm »

Now it's even worse.
I've stopped the server, changed the password (password protection is selected in the options), created a new server in the options.
But if I go to the server's address, I'm directly logged in without having to enter login and pass!!!
(NB: I have stopped Firefox, emptied its cache, before trying. And I've done the same with Chrome.)

How can this be fixed?
Logged

TCube

  • Guest
Re: A single login on the DLNA server is not secure
« Reply #2 on: January 28, 2015, 03:49:45 am »

Hello,

You've got a point about MC DNLA password.
Still DNLA is not in any way secure to authorized connexion on WAN.  I mean there are huge security handling differences between from "One to One" and "One to many on the WWW".
That goes also from many DLNA appliances, not just MC for instance, I could use any Media Hub Software and access my local resources with no difficulties (still that would be "pull infos" based on Upnp-Dnla)
Rgds
TC
Logged

AndrewFG

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 3392
Re: A single login on the DLNA server is not secure
« Reply #3 on: January 28, 2015, 05:11:43 am »

^

UPnP is open to any other client on the network. That is how it was designed. That is how it is intended. Period.
Logged
Author of Whitebear Digital Media Renderer Analyser - http://www.whitebear.ch/dmra.htm
Author of Whitebear - http://www.whitebear.ch/mediaserver.htm

8139david

  • Galactic Citizen
  • ****
  • Posts: 345
Re: A single login on the DLNA server is not secure
« Reply #4 on: January 28, 2015, 05:15:29 am »

Another problem is that a single login and pass protects all servers.
Each server should receive its own login and pass.
Logged

TCube

  • Guest
Re: A single login on the DLNA server is not secure
« Reply #5 on: January 28, 2015, 05:19:58 am »

Again
You might be confused but MC is not a server as for an Apache Server or any PHP Servers ... It's accessible through DLNA which is pretty generic.
TC
Logged

AndrewFG

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 3392
Re: A single login on the DLNA server is not secure
« Reply #6 on: January 28, 2015, 05:24:06 am »

Again
You might be confused but MC is not a server ... It's accessible through DLNA which is pretty generic.
TC

Again: UPnP is open to any other client on the network. That is how it was designed. That is how it is intended. Period.

To put even simpler,in other words, if you DO want other clients to access your stuff, then UPnP is how you do it. And if you do NOT want other clients to access you stuff, then TURN OFF UPnP.

Logged
Author of Whitebear Digital Media Renderer Analyser - http://www.whitebear.ch/dmra.htm
Author of Whitebear - http://www.whitebear.ch/mediaserver.htm

8139david

  • Galactic Citizen
  • ****
  • Posts: 345
Re: A single login on the DLNA server is not secure
« Reply #7 on: January 28, 2015, 05:31:35 am »

OK, thanks for your replies.

What I might do, then, is modify the web pages of the server's interface so that it only offers access to some options, eg only 'Play here'.

And since the Library server seems to be password protected, I'll probably modify this one, or inspire myself from it for creating a limited Gizmo server: password protected + only 'play here'.

Edit: I just tried a simple solution that doesn't seem to work: add a .htaccess to the gizmo folder.
Is there a simple trick like that I could use?
Logged

TCube

  • Guest
Re: A single login on the DLNA server is not secure
« Reply #8 on: January 28, 2015, 06:12:26 am »

Interesting.
Nonetheless I really didn't think you could limit access to some folders within a program with overall DLNA access.
Anyway may I recommend to stick with your initial request to MC :
- A functional Password change function... so you may change it as many times you want .
I would go for that too  :)
Rgds
TC
Logged

8139david

  • Galactic Citizen
  • ****
  • Posts: 345
Re: A single login on the DLNA server is not secure
« Reply #9 on: January 28, 2015, 06:17:01 am »

The Library Server is password protected. And the pass can be changed all right.

But if I set up an extra Gizmo server from MC, on a different port, then this Gizmo server is not (or doesn't seem to be) pass protected!
It would be nice if it could be.
Logged

TCube

  • Guest
Re: A single login on the DLNA server is not secure
« Reply #10 on: January 28, 2015, 06:31:32 am »

Allright.
That may nails down the problem to Gizmo which I am not a fan at all for the Client side (sorry what is Gizmo. 😂)?
Rgds
TC
Logged

8139david

  • Galactic Citizen
  • ****
  • Posts: 345
Re: A single login on the DLNA server is not secure
« Reply #11 on: January 28, 2015, 06:59:30 am »

What I might do, then, is modify the web pages of the server's interface so that it only offers access to some options, eg only 'Play here'.
All my attempts to do so fail.
For instance, I attempted to change the library.html file of the Gizmo folder, so that the option to change the mode isn't offered.
But it seems the program detects I have changed a file and then the Gizmo server doesn't function properly anymore.
What could I do to solve this?
At the very least, if I have a separate Gizmo server running (on its own port, different from the port of the main Library Server), I don't want it to be able to decide what music I am playing locally. Only what people accessing the server can themselves hear (play) on their end.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72377
  • Where did I put my teeth?
Re: A single login on the DLNA server is not secure
« Reply #12 on: January 28, 2015, 07:00:41 am »

Removed a couple of crabby remarks.
Logged

TCube

  • Guest
Re: A single login on the DLNA server is not secure
« Reply #13 on: January 28, 2015, 07:14:01 am »

Jim
How can you do this when some are convinced to " speak and write the truth that can not be heard by somehow imbeciles "

Anyway what's the the point with fiddling with Gizmo with it's own port ? Which one would you assigned ? Wouldn't it be easier to use IPV6 ?

I'm a bit a loss now - not on the purpose but on the tools to do so.

. Honestly as to share my "MC ressources" on the Web I went a completely different  way.
Rdgs
TC
Logged

8139david

  • Galactic Citizen
  • ****
  • Posts: 345
Re: A single login on the DLNA server is not secure
« Reply #14 on: January 28, 2015, 07:15:53 am »

Removed a couple of crabby remarks.
Thanks. Can you or AndrewFG offer a constructive suggestion so that I can modify the server?
Logged

Arindelle

  • Citizen of the Universe
  • *****
  • Posts: 2772
Re: A single login on the DLNA server is not secure
« Reply #15 on: January 28, 2015, 07:21:53 am »

@David

like Andrew said, UPnP is what it is.

How about setting a free wordpress website barebones and adding a page with the link to your server, secure the access to that page to registered users only. Or only use mobile connections (apps like JRemote) which would be more secure. Otherwise VPN?

If "Mary" can still log on her browser is saving the password .. off the topic but should JRiver really be involved with security protocols, as it is a "personal" license, not a web broadcast platform per se? Assuming family members would have the option of installing it on their PCs anyways, just throwing it out there
Logged

8139david

  • Galactic Citizen
  • ****
  • Posts: 345
Re: A single login on the DLNA server is not secure
« Reply #16 on: January 28, 2015, 07:28:22 am »

How about setting a free wordpress website barebones and adding a page with the link to your server, secure the access to that page to registered users only. Or only use mobile connections (apps like JRemote) which would be more secure. Otherwise VPN?
Thanks, but would it change anything?
My Gizmo server would still be accessible by anyone with the proper address and port, wouldn't it?
This annoys me since it means that an internet bot could access it.
Logged

mwillems

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 5233
  • "Linux Merit Badge" Recipient
Re: A single login on the DLNA server is not secure
« Reply #17 on: January 28, 2015, 07:40:10 am »

A constructive suggestion:

A VPN using keys for authentication is the answer as far as I'm concerned (that's how I secure remote access to MC).  If you make your MC library server only accessible within your LAN, and then setup a secure VPN, folks can log into your VPN and it's like they're on your LAN (they can access the library server, etc.), but it's invisible to the rest of the internet.  In order to log into your VPN they'll need a key, and you can generate those (and revoke them) at will from your side.  I keep a key on my phone, and a key on my travel laptop and I'll occasionally make some to loan out and then later revoke. 

Some routers have VPN functions, but not all implementations are trustworthy.  Shop around for a router with a well-regarded VPN function.  Or you can do what I did, which is to use a little $35 raspberry pi to make one following this guide: http://readwrite.com/2014/04/10/raspberry-pi-vpn-tutorial-server-secure-web-browsing.  It requires some basic linux knowledge, but it works a treat, and it makes me much more comfortable with my remote access situation.
Logged

TCube

  • Guest
Re: A single login on the DLNA server is not secure
« Reply #18 on: January 28, 2015, 07:55:28 am »

Some smart solutions forwarded here   ;)
But anyway in spite of serious security concerns  - let me play the stupid "Daffy Duck" role here : How many people do you intend to share with ?
TC
Logged

8139david

  • Galactic Citizen
  • ****
  • Posts: 345
Re: A single login on the DLNA server is not secure
« Reply #19 on: January 28, 2015, 08:27:23 am »

Thanks for the suggestions.

The VPN seems a good idea, but it requires having an adequate router plus proper knowledge/experience.
I have neither!

For the Gizmo server, so that it stays in 'Play here' mode, I think I've found a quick & dirty fix.
In the Gizmo folder, I've renamed the file mode.html into mode3.html, so that the page is not accessible anymore.
It works currently, but I'll double check from outside (eg work).

Since security is still a concern, perhaps I can open the server only at special occasions, eg for a few days when I want a friend to listen to a particular album.
Logged

8139david

  • Galactic Citizen
  • ****
  • Posts: 345
Re: A single login on the DLNA server is not secure
« Reply #20 on: January 28, 2015, 08:30:26 am »

All my attempts to do so fail.
For instance, I attempted to change the library.html file of the Gizmo folder, so that the option to change the mode isn't offered.
But it seems the program detects I have changed a file and then the Gizmo server doesn't function properly anymore.
What could I do to solve this?
Can someone confirm or infirm:
Is the problem that MC doesn't accept modified html server files?
Or is it that I haven't modified them properly?
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72377
  • Where did I put my teeth?
Re: Single login on the DLNA server
« Reply #21 on: January 28, 2015, 08:41:56 am »

You can modify the files.
Logged
Pages: [1]   Go Up