pippin wrote: > I understand that and it helps to prevent easy fiddling with the server, > that's what I meant. > The real security risk of opening a port of course is a different one: > someone hacking LMS (or your proxy) to gain access to your computer. > Adding a proxy there reduces the risk of hacking LMS but does not reduce > the risk of hacking your proxy. > > I personally would not guarantee for my software in this regard, it's > incredibly hard to write decently secure software, especially if there > are so many library dependencies as in a Perl environment (although Perl > being a common server language is at least under some scrutiny here) so > to rely on something more proven is probably a good idea.
Understood. I'll do what I can to implement options to protect users as much as possible. However, at the end of the day, the user must make the decision on whether or not to open their systems to potential intrusion and if it's a concern, the option exists not to use the skill. It's not critical to enjoying squeezeboxes after all! I'm spending time on this to address the legitimate concern raised about exposing LMS directly. I'm building in a proxy but the LMS plug-in by it's very nature also permits users to specify their own proxy. If they want to run something more robust on their network, this will work too. So essentially users can configure the plug in to; 1. Provide direct access to their LMS (not recommended) 2. Use an inbuilt proxy to provide a certain level of security 3. Specify an independent proxy under their control 4. Not use the skill at all. (switch it off!) ------------------------------------------------------------------------ meep's Profile: http://forums.slimdevices.com/member.php?userid=12744 View this thread: http://forums.slimdevices.com/showthread.php?t=106149 _______________________________________________ Squeezecenter mailing list Squeezecenter@lists.slimdevices.com http://lists.slimdevices.com/mailman/listinfo/squeezecenter