stuarta at squashedfrog.net
Thu Jan 30 14:36:25 UTC 2014
On 01/29/2014 06:55 PM, Jay Ashworth wrote:
> ----- Original Message -----
>> From: "Steve Campbell" <orcusmaximus at gmail.com>
>> Hmm. Let's look at those points
>> a) You should always use the best programming language for the job.
>> PHP is much easier to maintain/develop in than C++ (at least for PHP
>> as possible.
>> b) The integral web interface and frontend seem way outdated compared
>> to Mythweb
>> c) Is handled by the distribution package creators. There are good
>> arguments for keeping things modular.
>> I really don't want to knock Stuart who is doing a great job, but
>> please don't kill off Mythweb just yet.
> There's a much more important issue here.
> Does Myth *really* want to assume responsibility for public web security?
> If you take over answering port 80, *all of the backend* becomes the attack
> surface for *all of the internet*; everything is now a security bug.
Well that's where you've made your first assumption. The backend isn't
taking over port 80. It listens on a high port by default (6544).
You have to actively make arrangements in order to push port 80 traffic
to the backend.
As jya suggested, the best way of doing this is putting a normal
webserver on port 80/443 and proxying to the backend.
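
The front-end arrangement recommended above, as an added example that is not part of the original message or the MythTV project's own configuration. It assumes nginx runs on the same host as the backend; the hostname, certificate paths and password file are placeholders.

```nginx
# Added example. Assumptions: nginx on the backend host; hostname,
# certificate paths and htpasswd file below are placeholders.

# Plain HTTP only redirects; nothing is proxied without TLS.
server {
    listen 80;
    server_name myth.example.org;                 # placeholder hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name myth.example.org;                 # placeholder hostname

    ssl_certificate     /etc/nginx/tls/myth.example.org.crt;   # placeholder
    ssl_certificate_key /etc/nginx/tls/myth.example.org.key;   # placeholder

    # Authenticate at the proxy so unauthenticated requests
    # never reach the backend's own HTTP server.
    auth_basic           "MythTV";
    auth_basic_user_file /etc/nginx/myth.htpasswd;             # placeholder

    location / {
        # The backend keeps listening on its default high port (6544);
        # only the proxy talks to it.
        proxy_pass http://127.0.0.1:6544;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this in place, port 6544 itself should stay blocked at the perimeter firewall so the proxy is the only path from outside.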