[mythtv-users] No upcoming recordings just spurious Never Record?

Andre Newman mythtv-list at dinkum.org.uk
Wed Apr 8 08:02:51 UTC 2015


On 7 Apr 2015, at 16:01, Mike Perkins <mikep at randomtraveller.org.uk> wrote:

>> 
> The bigger question might be, why is the OP allowing port 80 (or 443?) access from the internet to his site?

Because there are other web pages running on that server and because surely checking up on MythTV and scheduling recordings while out and about is a big part of the point of MythTV?

These days every application has some Internet angle or Internet is the whole point, even UK Sky boxes can be Internet controlled if only at a very basic level.

> 
> If you need to use mythweb from outside your firewall a non-standard port number is always advised, for the reason that bots will crawl your site if you don't. Leaving port 80 open is asking for trouble, and not just from bots.

Well maybe but that is really only security through obscurity, remind me again how well that worked out for Microsoft? :-P

I am a little concerned going forward to 0.28 when presumably the mythweb functionality will be replaced with the Myth internal webservices. I suspect it will take a while for that service to be debugged and there may well be a few security hiccups along the way, I’ll be amazed if there aren’t!

I’m far more concerned about allowing an internal MythTV interface out on the Internet than a bunch of php running on Apache, while that can be a swiss cheese of security “issues” at least there are lots of eyes on it and lots of Internet exposure.

I presume it’s going to be necessary to run the MythTV web services behind some sort of reverse proxy for Internet sanitisation. I’m happy to do that after all Apache is already on that server for other things but not prepared to start mucking around with vpn or ssh tunnel connections “just for television”.


Andre


More information about the mythtv-users mailing list