what is your opinion on security in plugin's? (1 Viewer)

[MrSensitive]

Yesterday i was finishing the nowplaying feature for the MPBlue PocketPC client, and I started to wonder..

the nowplaying data is multicasted via UDP (multicast required clients to subscribe in order to receive the data)
for now it is transfered via clear text, meaning tha just about everybody on the network can see what you are listening to (or watching)

the same applies to the webservices that I use to control MP and to interface with the libraries (I would think that the external control plugin has the same issues since it is using the same principle)

I would like to know your thoughts about this?
in a house this might not ba such a big issue (you do have a firewall instelled that blocks this kind of stuff do you?)
but there might be other environments where Mediaportal is used..

 

[MrSensitive]

OK, cool.

nobody seems to care about security.. :?

makes coding a lot easier.. :mrgreen:

 

[mzemina]

Well you may want to give people just a little more time to answer.

For me it wouldn't matter at the present time, because I would only be looking to stream inside my home network and my firewall would prevent the stream from going outside it.

But that is just me, maybe in a year and I would be traveling and I could imagine that I may want to stream to my laptop in another city so I could see a show I "taped" that night before so I wouldn't have to take up family time and watch it when I returned home from the trip.

Mike

 

[MrSensitive]

Well you may want to give people just a little more time to answer.

eh, good point, sorry for the pressure
But you can't blame someone for being enthusiastic can you

I going to forget security for a while..

 

[mzemina]

Well you may want to give people just a little more time to answer.

eh, good point, sorry for the pressure
But you can't blame someone for being enthusiastic can you

I going to forget security for a while..

I certainly don't blame you for your enthusiasm - I hope it is contagious! You are doing such a great job and I can't wait for this project to be fully developed with the ability for users to skin this like MP and fully control MP! It will be so cool!

Mike

 

[samuel337]

The external control plugin's web service is only accessible from the local network. The actual remoting port though however, is accessible to all - I should get that restricted to local network IP addresses too.

I've been thinking about security too, but I'm not sure what is appropriate and what will be an overkill (e.g. using WSE 2.0). I'm not particularly knowledgeable in web service security, so any ideas would be great.

Sam

 

[MrSensitive]

I never quite understood WSE 2.0 (or 3.0)
and as far as I can tell, Webservice security is only possible when the webservices are hosted in IIS. (wich is not exactly an option..)

what we are doing at work is using a login webservice wich returns a token, all other webservices only return data when the token is valid.. but that is also a difficult approach.