17217 - Web interface security issues external access

Posted: Fri Feb 08, 2019 10:03 am
by Montoya
With the release of 17217 with web interface, do we get the same security issues we had with DVBLink, that non-tech minded TVMosaic users leave their TVMosaic server wide open to the internet, when they have “on the go”/WAN access enabled?

Still a lot of DVBLink servers are to be found which are accessible by web interface, by just using a search engine...
Just query "TV guide - DVBLink" in Google and you will be surprised....

I expect the same happening now with this new version of TVMosaic with web interface, so this is very BAD :shock:

So what are the plans to finally incorporate https access with SSL, so DVBLogic takes responsibility for this security issue, without hiding that it is the user's responsibility to make TVMosaic access safe :?:

We need options in TVMosaic settings provided by DVBLogic, to make that access safe.
Plex and Emby already provide https access with SSL, so step up DVBLogic, take responsibility and put this also on your roadmap with HIGH priority :idea:

In my humble opinion, the web interface shouldn't be introduced, when secure access is not available or fixed.

Re: 17217 - Web interface security issues external access

Posted: Fri Feb 08, 2019 10:37 am
by muppets4
I would like to know the answer to this crucial question too. My server is on 24/7, like many of us have.

Re: 17217 - Web interface security issues external access

Posted: Fri Feb 08, 2019 11:39 am
by Oberon
It is planned in one or another form.

Re: 17217 - Web interface security issues external access

Posted: Fri Feb 08, 2019 12:57 pm
by Montoya
Oberon wrote:
Fri Feb 08, 2019 11:39 am
It is planned in one or another form.
Could you consider making secure access in TVMosaic just as easy as this guide (Emby https access with SSL)?
https://blog.awelswynol.co.uk/2018/01/s ... -with-emby

So users could use a free Cloudflare signed SSL certificate in TVMosaic and use all security options available with a free Cloudflare account and set that up in TVMosaic settings page, with domain, which ports to use and with the option to load a pfx certificate and input password for that pfx in TVMosaic settings.

Re: 17217 - Web interface security issues external access

Posted: Fri Feb 08, 2019 1:02 pm
by Oberon
It will be something like that. But, if you ask me, this guide is far from being easy for an average user.
The way Plex does it is easy, but it requires resources which we do not have.

Re: 17217 - Web interface security issues external access

Posted: Wed Mar 27, 2019 3:38 am
by MrGrymReaper
Actually, using a service like CloudFlare provides more than just a free SSL certificate. It can, depending on plan level, provide extra security functionality and also FREE basic DDOS protection. If you're a business with enough money you could also use it to provide enhanced DDOS protection to the endpoint.

Something which can be useful if you don't have the resources to handle being DDOS attacked yourself. So depending on how you configure the software you can make your CloudFlare endpoint the internet access address. So when you browse and/or stream from TVMosaic through remote applications away from your home network it will be protected via the endpoint. When well configured you can help to mask the address which your local network is assigned by your ISP as well as other local IP configurations.

That way if someone tries to attack you via the FQDN used to remotely access your installation of TVMosaic, the service has the potential to step in and absorb the DDOS or, depending on plan, other attacks. Basically becoming the bouncer to protect your resources (aka "your bar"), preventing attacks against you through controlling access to the service resources which you provide. That could especially come in handy if you're going to be remotely accessing a TVMosaic instance installed on NASes.

I would likely use CloudFlare at either the Free or Pro level as a private home user, to at least gain basic DDOS defences so that remotely people have a harder time attacking. The connection speed wouldn't be able to handle being a victim of a DDOS anyway, as there's just basic remote access potential only.