[mythtv] hello and question

Michael Watson michael at thewatsonfamily.id.au
Fri Dec 21 03:15:35 UTC 2012


On 21/12/2012 1:38 PM, Raymond Wagner wrote:
> On 12/20/2012 16:43, Michael Watson wrote:
>> The users dont have access to the Myth Protocol, only XBMC Does!
>
> You do realize that if users can run XBMC which speaks to mythbackend 
> over the internal protocol, they can run whatever the hell else they 
> want to communicate using the internal protocol. Restrictions 
> implemented client-side are absolutely meaningless when the user can 
> run any client they choose. Security measures must be in place on the 
> backend, and there are currently next to none. The protocol is 
> unauthenticated, in plain text, and the only real protection measures 
> anywhere in it are simple sanity checks to prevent clients from 
> breaching the boundaries of the storage path roots.

So running Myth Frontend has the same issues, or any other machine on 
the same network.





More information about the mythtv-dev mailing list