[mythtv] MythWeb

Paul Gardiner lists at glidos.net
Thu Jan 30 06:20:33 UTC 2014


On 29 January 2014 19:06:22 GMT, Gary Buhrmaster <gary.buhrmaster at gmail.com> wrote:
>On Wed, Jan 29, 2014 at 6:55 PM, Jay Ashworth <jra at baylink.com> wrote:
>....
>> Does Myth *really* want to assume responsibility for public web security?
>
>Nope, and neither should the existing MythWeb PHP functions
>(if you search carefully, you can find people who put MythWeb
>on the 'net; you could delete all their recordings, and remove
>all their rules, should one be appropriately so evilly inclined).

I don't think that was the point Jay was making. If you take over port 80, then bugs can possibly open up a way to run arbitrary code on the server (albeit as mythbackend user). It's far worse than just the loss of some recordings. I'm now starting to wonder whether this new approach is a bad idea.

I get the wish to avoid rewriting existing cpp code in php, but why not provide php veneers over the existing cpp? And surely the new way means providing our own versions of parts of apache.

