[mythtv] hello and question
Michael Watson
michael at thewatsonfamily.id.au
Fri Dec 21 03:15:35 UTC 2012
On 21/12/2012 1:38 PM, Raymond Wagner wrote:
> On 12/20/2012 16:43, Michael Watson wrote:
>> The users dont have access to the Myth Protocol, only XBMC Does!
>
> You do realize that if users can run XBMC which speaks to mythbackend
> over the internal protocol, they can run whatever the hell else they
> want to communicate using the internal protocol. Restrictions
> implemented client-side are absolutely meaningless when the user can
> run any client they choose. Security measures must be in place on the
> backend, and there are currently next to none. The protocol is
> unauthenticated, in plain text, and the only real protection measures
> anywhere in it are simple sanity checks to prevent clients from
> breaching the boundaries of the storage path roots.
So running Myth Frontend has the same issues, or any other machine on
the same network.
More information about the mythtv-dev
mailing list