[mythtv-users] Securing mythweb
Mike Perkins
mikep at randomtraveller.org.uk
Mon Feb 15 18:11:49 UTC 2010
Travis Tabbal wrote:
> On Mon, Feb 15, 2010 at 10:34 AM, Jack McGee <jack at greendesk.net> wrote:
>
>> This thread seems appropriate for my question. I had htdigest enabled,
>> and logging in from public internet, but realized anyone could snoop and
>> find my password that way. I know about OPENVPN and that I can enable on
>> my buffalo-tomato firmware router, but then I have to run client software.
>> I want to be able to access it from my WM6 phone, work computer (from behind
>> work proxy), etc. Without loading any software. I know I can connect to my
>> bank securely and not load software. Is that possible either on the router
>> as a gateway to home network, or the mythtv FE/BE?
>>
>
>
> As mentioned already, you need to enable SSL on your mythweb server. If you
> use a self-signed cert you will get a warning from your web browser, and
> be vulnerable to MIM attack for the first time you connect, but that's
> likely ok for this use.
>
> I don't know if WM6 has the client, but I have openVPN on my G1. Works fine.
> Work computers are harder, and SSL is probably the best choice in that case.
> You can also tunnel SSH over the proxy, but that's probably "frowned upon".
> Just google for configuring apache for ssl. It's not really that hard to do
> and is the most universal solution. Then change the port forwarding you have
> for port 80 to port 443.
>
...or some other port, forwarded to 443 on your server. Like 80, 443 is too
juicy a target for the bots to aim at. My firewall gets dozens of hits per hour
on both ports.
--
Mike Perkins
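
The setup discussed in this thread (mythweb served only over SSL with a self-signed certificate, with the existing htdigest login kept on top) could look like the Apache fragment below. This is an added example, not part of the original messages; the hostname, file paths and realm name are placeholders chosen for illustration.

```apache
# Added example. Hostname, paths and realm are placeholders, not values
# from the thread. Requires mod_ssl and mod_auth_digest to be loaded.
# Many distributions already have "Listen 443" in their ports configuration;
# add it only if yours does not.

<VirtualHost *:443>
    ServerName mythweb.example.org

    SSLEngine on
    # Self-signed certificate and its private key (placeholder paths)
    SSLCertificateFile    /etc/ssl/certs/mythweb-selfsigned.crt
    SSLCertificateKeyFile /etc/ssl/private/mythweb-selfsigned.key

    DocumentRoot /var/www/mythweb

    <Directory /var/www/mythweb>
        # Refuse any request for mythweb that did not arrive over SSL,
        # so the login is never sent over plain HTTP.
        SSLRequireSSL

        # Keep the digest login. The realm in AuthName must match the
        # realm used when the htdigest file was created.
        AuthType Digest
        AuthName "MythTV"
        AuthDigestProvider file
        AuthUserFile /etc/mythweb/htdigest
        Require valid-user
    </Directory>
</VirtualHost>
```

The server keeps listening on 443; the non-standard external port suggested above is set in the router's port forwarding, not in Apache.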