Idiot doesn't password protect SLiM server (was SLiM server hacked?)



Mark Palmberg
2005-02-07, 13:27
http://bugs.slimdevices.com/show_bug.cgi?id=437

Yes, this is what I'm talking about.

I have a friend who likes to access my library from coffee shops,
libraries, bus stops, whatever, and it'd be nice just to leave the
9000 port open and hide all the SLiM server settings from anyone
accessing the Web interface from outside my LAN IP range. He has
enough passwords to remember/store, and a feature like this could only
help make SLiM server that much more secure (even though people can
only really *see* your wallet, not get your cash...for now).
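
The LAN-only settings restriction requested in this post, sketched as an added example that is not part of the thread and is not SlimServer's own code. The LAN range and the settings URL prefixes are assumptions chosen for illustration.

```python
import ipaddress
import posixpath
from urllib.parse import unquote

# Assumptions (not from the thread or from SlimServer): the LAN range and
# the URL prefixes that count as "settings" pages.
LAN_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]
SETTINGS_PREFIXES = ("/setup", "/settings")


def is_lan_client(peer_ip: str) -> bool:
    """True if the TCP peer address falls inside a configured LAN range.

    Pass the address taken from the accepted socket. Client-supplied
    headers such as X-Forwarded-For can be set by anyone on the Internet.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparseable address: treat as outside the LAN
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; unwrap it
    # so the comparison against IPv4 LAN ranges still works.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net
               for net in LAN_NETWORKS)


def allow_request(peer_ip: str, path: str) -> bool:
    """Browsing pages stay open to everyone; settings pages are LAN-only."""
    # Canonicalise before matching so "//setup", "/x/../setup" or
    # "/%53etup" cannot slip past the prefix check.
    clean = unquote(path.split("?", 1)[0]).lower()
    clean = posixpath.normpath("/" + clean.lstrip("/"))
    is_settings = clean.startswith(SETTINGS_PREFIXES)
    return (not is_settings) or is_lan_client(peer_ip)


if __name__ == "__main__":
    # Constructed sample requests: (peer address, requested path)
    for peer, path in [("192.168.1.20", "/setup.html"),
                       ("203.0.113.7", "/browse.html"),
                       ("203.0.113.7", "/setup.html?page=server"),
                       ("203.0.113.7", "//%53etup.html")]:
        print(peer, path, "->", "allow" if allow_request(peer, path) else "deny")
```

A check like this only hides the settings pages on the web port; it does not authenticate the remote listener or cover the separate player connection discussed in the replies.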

Aaron Zinck
2005-02-07, 14:16
If he uses softsqueeze he can point it at your server and as long as you
haven't blocked his IP (and as long as the two slim ports are exposed
through the firewall) then he will be able to fully use softsqueeze to
listen to your music. This works even when slimserver is set to require a
password.


"Mark Palmberg" <palmberg (AT) gmail (DOT) com> wrote in
message news:9b14e15b0502071227160a4e46 (AT) mail (DOT) gmail.com...
> http://bugs.slimdevices.com/show_bug.cgi?id=437
>
> Yes, this is what I'm talking about.
>
> I have a friend who likes to access my library from coffee shops,
> libraries, bus stops, whatever, and it'd be nice just to leave the
> 9000 port open and hide all the SLiM server settings from anyone
> accessing the Web interface from outside my LAN IP range. He has
> enough passwords to remember/store, and a feature like this could only
> help make SLiM server that much more secure (even though people can
> only really *see* your wallet, not get your cash...for now).

Jack Coates
2005-02-07, 14:22
Aaron Zinck wrote:
> If he uses softsqueeze he can point it at your server and as long as you
> haven't blocked his IP (and as long as the two slim ports are exposed
> through the firewall) then he will be able to fully use softsqueeze to
> listen to your music. This works even when slimserver is set to require a
> password.
>
>

still far better to use the SSH tunneling feature of Softsqueeze.

--
Jack at Monkeynoodle dot Org: It's a Scientific Venture...
Riding the Emergency Third Rail Power Trip since 1996!