[mythtv-users] No upcoming recordings just spurious Never Record?

Thu Apr 9 16:49:58 UTC 2015

On 9 Apr 2015, at 17:20, Peter Bennett (cats22) <cats22 at comcast.net> wrote:

> On 04/08/2015 04:02 AM, Andre Newman wrote:
>> On 7 Apr 2015, at 16:01, Mike Perkins <mikep at randomtraveller.org.uk> wrote:
>> 
>>> The bigger question might be, why is the OP allowing port 80 (or 443?) access from the internet to his site?
>> Because there are other web pages running on that server and because surely checking up on MythTV and scheduling recordings while out and about is a big part of the point of MythTV?
>> 
>> These days every application has some Internet angle or Internet is the whole point, even UK Sky boxes can be Internet controlled if only at a very basic level.
>> 
>>> If you need to use mythweb from outside your firewall a non-standard port number is always advised, for the reason that bots will crawl your site if you don't. Leaving port 80 open is asking for trouble, and not just from bots.
>> Well maybe but that is really only security through obscurity, remind me again how well that worked out for Microsoft? :-P
>> 
>> I am a little concerned going forward to 0.28 when presumably the mythweb functionality will be replaced with the Myth internal webservices. I suspect it will take a while for that service to be debugged and there may well be a few security hiccups along the way, I’ll be amazed if there aren’t!
>> 
>> I’m far more concerned about allowing an internal MythTV interface out on the Internet than a bunch of php running on Apache, while that can be a swiss cheese of security “issues” at least there are lots of eyes on it and lots of Internet exposure.
>> 
>> I presume it’s going to be necessary to run the MythTV web services behind some sort of reverse proxy for Internet sanitisation. I’m happy to do that after all Apache is already on that server for other things but not prepared to start mucking around with vpn or ssh tunnel connections “just for television”.
>> 
> 
> When you install mythweb it prompts for whether you want password
> protection. To me that is an essential if you expose it on the Internet.

Of course and this had all been followed and tested, initially.

For some as yet unidentified reason the password auth got mangled at some point and a bigger problem was I didn’t notice!

I didn't bother with forensics to find the cause of the problem, this is my home system, I’m not being paid to find the original cause or trigger. ;-)

Mythbuntu control center generated errors also dpkg-reconfigure so I decided the most reliable way was to configure it the old fashioned way, manually.

I’m now wondering about setting up some client side certificate authentication, although that eliminates the possibility of random machine logins to check TV guide or schedule something.

> Otherwise anybody can get in and change your recording settings, delete
> recordings, download your recordings and so on. With Ubuntu you should
> be able to add password security by doing a dpkg-reconfigure on it,
> otherwise go into apache configuration and add password protection (I am
> not sure how to do that - it will involve updating conf files).

It’s well documented, I’m not sure the best place for a beginners guide, I just use the local Apache docs.

Andre