[mythtv] MythWeb

[Paul Gardiner]

On 30/01/2014 10:56, Jean-Yves Avenard wrote:
> Hi
>
> On Thursday, January 30, 2014, Paul Gardiner <lists at glidos.net
> <mailto:lists at glidos.net>> wrote:
>
>     On 30 January 2014 07:03:07 GMT, Jean-Yves Avenard
>     <jyavenard at gmail.com <javascript:;>> wrote:
>      >On Thursday, January 30, 2014, Paul Gardiner <lists at glidos.net
>     <javascript:;>> wrote:
>      >
>      >>
>      >>
>      >> I said just said "take over port 80" to match the previous post. I
>      >think
>      >> which port you use is irrelevant. Which ever you use, most users
>     will
>      >want
>      >> it open to the internet, and you are processing raw http requests
>      >from
>      >> potential attackers.
>      >>
>      >>
>      >Then it's just a matter of educating the user with best practice; or
>      >let
>      >the packagers handle that.
>      >
>      >No need to expose the mythbackend port to everyone out there.
>
>     But surely you need it exposed so that you can set up recordings
>     when away from home.
>
>
> Didn't you read what I wrote earlier? You never present directly the
> service.
>
> You expose it via various methods: such as apache httpd proxy.

Okay, I'm probably not understanding, but I'd assumed that would still
mean you are handling raw http requests, so a buffer overrun bug is
potentially exploitable to run a process. Does the proxy somehow
prevent that?

P.