[mythtv-users] Mythweb security

Chris Petersen lists at forevermore.net
Wed Oct 27 20:33:02 UTC 2004


> If I had to do it, I would still use the apache login, but then check the user 
> inside mythweb.

That's the long-term plan.  php's support for htauth isn't so hot (and 
it's not just apache -- htauth is built into the http specs), or rather, 
htauth isn't complex enough to bother putting effort into php when 
apache manages it so easily.

Can then let access groups be defined in mythweb (either online or in a 
config file), to control who can see which sections of mythweb.

> I'd be willing to code it in, but I would want the maintainer to agree that it 
> is good and would be included.

I'd accept a patch if:

1. access groups can be disabled, and are disabled my default.
2. open discussion comes to a consensus about which areas of mythweb
    need to be restricted.

Of course, all of this user-priority/override stuff would require mythtv 
support, and goes beyond mythweb.  I'm only thinking about stuff like 
locking out the ability to delete recordings, change channel settings, etc.

-Chris


More information about the mythtv-users mailing list