[mythtv-users] Has anyone configured a "semi"-diskless frontend?
Adam Felson
a.f.6 at pobox.com
Fri Jan 7 10:10:16 EST 2005
Why would you have to worry so about security on your LAN?
Are you worries somebody is going to break into your house, connect
physically to lan, and spoof a mythbox and watch tv? :-p
On Fri, 2005-01-07 at 01:00 -0800, Brad Templeton wrote:
> On Fri, Jan 07, 2005 at 08:36:43AM -0000, mythtv-users at fastdruid.co.uk wrote:
> > Better than that why not do it by MAC address recognition, first time a
> > machine
> > pops up the backend asks if you want to allow it, if you say yes that
> > MAC/IP
> > is stored. Next time it pops up it will go oh yes I grant access to that
> > one.
>
> Unfortunately the MAC address is totally insecure. You really want
> the remote computer to have some way of remembering something to
> authenticate itself. It would be nice, actually, if there were an
> official way to make use of some of the unusued flash space the bios
> sits in, for example.
>
> There are some tricks you can play, which are not super secure but
> much better than the MAC. For example, you can calculate a signature
> of sorts for the hardware of the machine in some fashion (pulling out
> non-public things like identifiers of all the non-removable PNP hardware,
> anything with serial numbers etc.) It doesn't have to be portable, as
> long as you can get something non-guessable that will remain the same
> boot to boot. (If it changes you have to re-auth.)
>
> Then you have a secret number you can use to prove you're the same
> machine that authenticated last time.
>
> Short of all this, the user can type in a password of course. And that's
> actually not that dreadful really. Client boots, user enters password,
> and you're up. No IP addresses or any of that stuff. This is
> easy to implement and modestly secure against random attempts to
> screw up your systems.
>
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
--
Adam Felson <a.f.6 at pobox.com>
More information about the mythtv-users
mailing list