[mythtv] MythWeb

Raymond Wagner raymond at wagnerrp.com
Thu Jan 30 12:51:43 UTC 2014

On 1/30/2014 7:47 AM, Paul Gardiner wrote:
> On 30/01/2014 10:56, Jean-Yves Avenard wrote:
>> Didn't you read what I wrote earlier? You never present directly the
>> service.
>> You expose it via various methods: such as apache httpd proxy.
> Okay, I'm probably not understanding, but I'd assumed that would still
> mean you are handling raw http requests, so a buffer overrun bug is
> potentially exploitable to run a process. Does the proxy somehow
> prevent that?

Yes. The proxy would handle authentication. You never touch the backend 
unless you've already been authenticated.

More information about the mythtv-dev mailing list