PDA

View Full Version : Slimserver Security for Web Broadcasting



Brendtron
2005-09-04, 01:07
Hello all,

I have some questions about Slimserver security.

I've been looking around for some kind of MP3 jukebox with broadcasting built in for a while now. So far I have found dozens of abandoned Sourceforge projects, and one active project that is at version 0.2. Slimserver for the time being seems to be the best (most certainly the prettiest) web interface for broadcasting I can find.

Slimserver is fine for the home user running behind a firewall, but I'd like to open this up to my friends and perhaps later the public in general.

There are some issues with this.

1. I don't really want to have a service not designed for security from the ground up running on my box. I'm running FreeBSD 5.4, and will run Slimserver in a jail if I end up doing this.

2. I'd like a password for the admin interface, but no password (or a different one) for the stream. I'm no stranger to Perl, so if nobody has any ideas on this one I'll do it myself. Unless I'm missing something... but I didn't see any option to set a separate password for admin/stream.

3. Bandwidth. I think I've already found the section that controls the default bitrate for players, which I will set to 128kbps or lower.

4. Does anybody have any suggestions for better broadcasting software with a web interface? I haven't found anything too exciting for Icecast yet, but I will keep looking.

Let me know if you have any suggestions.

stinkingpig
2005-09-04, 08:57
Brendtron wrote:

>Hello all,
>
>I have some questions about Slimserver security.
>
>I've been looking around for some kind of MP3 jukebox with broadcasting
>built in for a while now. So far I have found dozens of abandoned
>Sourceforge projects, and one active project that is at version 0.2.
>Slimserver for the time being seems to be the best (most certainly the
>prettiest) web interface for broadcasting I can find.
>
>Slimserver is fine for the home user running behind a firewall, but I'd
>like to open this up to my friends and perhaps later the public in
>general.
>
>There are some issues with this.
>
>1. I don't really want to have a service not designed for security
>from the ground up running on my box. I'm running FreeBSD 5.4, and
>will run Slimserver in a jail if I end up doing this.
>
>
>
okay.

>2. I'd like a password for the admin interface, but no password (or a
>different one) for the stream. I'm no stranger to Perl, so if nobody
>has any ideas on this one I'll do it myself. Unless I'm missing
>something... but I didn't see any option to set a separate password for
>admin/stream.
>
>
>
there's a plugin which locks down the admin functions, I forget the name
but it's on the plugin page.

>3. Bandwidth. I think I've already found the section that controls
>the default bitrate for players, which I will set to 128kbps or lower.
>
>
okay. I like 64 kbps, but then my ears aren't so good and my uplink is
really slow :)

>4. Does anybody have any suggestions for better broadcasting software
>with a web interface? I haven't found anything too exciting for
>Icecast yet, but I will keep looking.
>
>
>
No. Icecast is a pain, don't waste your time unless you want to do your
own internet broadcasting with an audio streamer.

>Let me know if you have any suggestions.
>
>
Encourage the use of Softsqueeze -- not only is Slimserver a better
streaming platform, Softsqueeze is a better music player (at least for
working with a Slimserver). Plugging the stream.mp3 URL into some other
player works, but it's clunkier.

--
Jack at Monkeynoodle dot Org : It's a Scientific Venture!
"I spent all me tin with the ladies drinking gin,
so across the Western ocean I must wander." -- All for Me Grog, traditional

mherger
2005-09-04, 09:22
>> 2. I'd like a password for the admin interface, but no password (or a
>> different one) for the stream. I'm no stranger to Perl, so if nobody
>> has any ideas on this one I'll do it myself. Unless I'm missing
>> something... but I didn't see any option to set a separate password for
>> admin/stream.
>>
>>
> there's a plugin which locks down the admin functions, I forget the name
> but it's on the plugin page.

I think you're talking about NoSetup (available from my site -
http://www.herger.net/slim/). But beware that this is a weak protection.
What a perl literate person could read from the code would not even merit
the name "security hole" :-)

--

Michael

-----------------------------------------------------------
Help translate SlimServer by using the
StringEditor Plugin (http://www.herger.net/slim/)