17217 - Web interface security issues external access

TVMosaic live and recorded TV products for Desktop/NAS/Raspberry Pi
Montoya
Posts: 229
Joined: Mon Feb 26, 2018 9:07 am

17217 - Web interface security issues external access

Post by Montoya » Fri Feb 08, 2019 10:03 am

With the release of 17217 with web interface, do we get the same security issues we had with DVBLink, that non-tech-minded TVMosaic users leave their TVMosaic server wide open to the internet when they have “on the go”/WAN access enabled?

Still a lot of DVBLink servers are to be found which are accessible by web interface, by just using a search engine...
Just query "TV guide - DVBLink" in Google and you will be surprised....

I expect the same happening now with this new version of TVMosaic with web interface, so this is very BAD :shock:

So what are the plans to finally incorporate HTTPS access with SSL, so DVBLogic takes responsibility for this security issue, without hiding that it is the user's responsibility to make TVMosaic access safe :?:

We need options in TVMosaic settings provided by DVBLogic, to make that access safe.
Plex and Emby already provide HTTPS access with SSL, so step up DVBLogic, take responsibility and put this also on your roadmap with HIGH priority :idea:

In my humble opinion, the web interface shouldn't be introduced, when secure access is not available or fixed.
DVBLink server 6.0.0 build14499, DVBLink TVSource 6.0.0 build14061, DVBLink for IPTV build 13107
TVMosaic server build 17679, Kodi 18.4 (Git:20190831-3ade758ceb), Win10 Pro x64 1903 build18362.449

muppets4
Posts: 29
Joined: Sun Jun 03, 2018 9:12 pm

Re: 17217 - Web interface security issues external access

Post by muppets4 » Fri Feb 08, 2019 10:37 am

I would like to know the answer to this crucial question too. My server is on 24/7, like many of us have.

Oberon
Posts: 1288
Joined: Thu Jan 26, 2017 8:45 am

Re: 17217 - Web interface security issues external access

Post by Oberon » Fri Feb 08, 2019 11:39 am

It is planned in one or another form.

Montoya
Posts: 229
Joined: Mon Feb 26, 2018 9:07 am

Re: 17217 - Web interface security issues external access

Post by Montoya » Fri Feb 08, 2019 12:57 pm

Oberon wrote (Fri Feb 08, 2019 11:39 am):
"It is planned in one or another form."

Could you consider making secure access in TVMosaic just as easy as this guide (Emby https access with SSL)?
https://blog.awelswynol.co.uk/2018/01/s ... -with-emby

So users could use a free Cloudflare signed SSL certificate in TVMosaic and use all security options available with a free Cloudflare account, and set that up in the TVMosaic settings page, with domain, which ports to use, and with the option to load a pfx certificate and input the password for that pfx in TVMosaic settings.


Oberon
Posts: 1288
Joined: Thu Jan 26, 2017 8:45 am

Re: 17217 - Web interface security issues external access

Post by Oberon » Fri Feb 08, 2019 1:02 pm

It will be something like that. But, if you ask me, this guide is far from being easy for an average user.
The way Plex does it is easy, but it requires resources which we do not have.

MrGrymReaper
Posts: 2
Joined: Wed Mar 27, 2019 3:29 am

Re: 17217 - Web interface security issues external access

Post by MrGrymReaper » Wed Mar 27, 2019 3:38 am

Actually, using a service like CloudFlare provides more than just a free SSL certificate. It can, depending on plan level, provide extra security functionality and also a FREE basic DDOS protection. If you're a business with enough money, you could also use it to provide enhanced DDOS protection to the endpoint.

Something which can be useful if you don't have the resources to handle being DDOS attacked yourself. So, depending on how you configure the software, you can make your CloudFlare endpoint the internet access address. So when you browse and/or stream from TVMosaic through remote applications away from your home network, it will be protected via the endpoint. When well configured, you can help to mask the address which your local network is assigned by your ISP as well as other local IP configurations.

That way, if someone tries to attack you via the FQDN used to remotely access your installation of TVMosaic, the service has the potential to step in and absorb the DDOS or, depending on plan, other attacks, basically becoming the bouncer to protect your resources (aka "your bar") and preventing attacks against you through controlling access to the service resources which you provide. That could especially come in handy if you're going to be remotely accessing a TVMosaic instance installed on NASes.

I would likely use CloudFlare at either Free or Pro level as a private home user, to at least gain basic DDOS defences so that remotely people have a harder time attacking. The connection speed wouldn't be able to handle being a victim of a DDOS anyway, as there's just basic remote access potential only.
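
Added example, not part of the post above and not TVMosaic or Cloudflare code: the address masking described in that post only holds while the server is reached through the proxy endpoint, so this Python check flags requests whose peer address is neither the proxy nor the home LAN. The log format, the proxy ranges (documentation address blocks used as placeholders) and the function names are assumptions.

```python
import ipaddress

# Assumption: placeholder proxy ranges (RFC 5737 / RFC 3849 documentation blocks).
# Replace them with the ranges your proxy provider publishes.
PROXY_RANGES = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:100::/48")]
# Assumption: the home LAN; local clients legitimately reach the server directly.
LAN_RANGES = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "10.0.0.0/8", "127.0.0.0/8")]

# Constructed sample log, one request per line: "<peer address> <method> <path>".
SAMPLE_LOG = """\
198.51.100.23 GET /
192.168.1.40 GET /
203.0.113.77 GET /
2001:db8:100::5 GET /
not-an-ip GET /
203.0.113.77 GET /
"""

def classify(peer):
    """Return 'proxy', 'lan', 'direct' or 'invalid' for a peer address string."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return "invalid"
    # A v4 address tested against a v6 network (or vice versa) is simply False.
    if any(addr in net for net in PROXY_RANGES):
        return "proxy"
    if any(addr in net for net in LAN_RANGES):
        return "lan"
    return "direct"

def direct_hits(log_text):
    """Count requests per peer that reached the server without passing the proxy."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if fields and classify(fields[0]) == "direct":
            hits[fields[0]] = hits.get(fields[0], 0) + 1
    return hits

if __name__ == "__main__":
    for peer, count in direct_hits(SAMPLE_LOG).items():
        print(f"{peer}: {count} request(s) bypassed the proxy")
```

Any peer reported here reached the server by its real address, which means the router or firewall still forwards the port to sources other than the proxy.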
