On 9 February 2013 03:19, <[email protected]> wrote: > Any web application running on your local machine and accessible from the > outside world could pose a security problem. Especially with an application > that read and write to the hard drive. It takes lots of debugging to > "prove" that a web application running locally can't be tricked into > downloading and running an executable. Even major players in the web server > world get hacked. To me, the best use would be within your home network. > For instance, if you wanted to set up quiz cards for the kids to work on > from their tablets. Then you could inspect their progress after they've > gone to bed ;-) > > After you run mnemosyne-webserver, just open up http://<server IP>:8513 > in your browser to see the application web page. > > If the IP begins 192.168.... then its probably the IP address assigned by > your router that you're seeing. > > Although its not likely someone will scan and find your open 8513 port, I > think I would check the firewall (if there is one) at the router and see if > it can block that port. > > Routers generally act as a firewall in this regard by design, since if they receive packets on port 8513, how do they know which of the computers in your local network was supposed to receive it?
By default then, most if not all routers will get rid of this packet unless either: 1) A port forwarding rule is established which tells the router "forward any data arriving at port 8513 to my PC downstairs (e.g. 192.168.1.4)". 2) Your computer is set as the "DMZ", aka the destination of all packets not matching a port-forwarding rule, which would otherwise be dropped. This is generally not a good idea, of course. It's possible for software to ask the router to set up port forwarding rules through some protocols - this is commonly done by Bittorrent software. It's also possible, but unlikely, that a router has been misconfigured to set your PC as the DMZ. So indeed it is worth checking whether your ports are visible to the outside world. Oisín Mark > > On Friday, November 23, 2012 2:41:48 PM UTC-8, [email protected] wrote: >> >> Greetings - >> >> After reading positive reviews, I am trying out mnemosyne (despite its >> rather intimidating anti-mnemonic name) because it is the only free >> flashcard software I've found with the feature "Webserver for reviews >> through a browser". But the rest of that description puzzles me: >> >> - "contains no security ": not sure what that means. Does that mean the >> server is an easy target for hackers, and therefore should not be publicly >> accessible? Or does it simply mean clients can't authenticate? >> - "not yet integrated with the GUI": GUI-free is the norm in servers. So >> what is missing from this one? >> - "Run the mnemosyne-webserver executable instead of the main executable >> and follow the instructions.": I ran mnemosyne-webserver but didn't see any >> instructions to follow, only these messages: >> >> "Prototype of Mnemosyne web server. It works, but is not yet integrated in >> the desktop application, and has no security. >> >> Server listening on http://<server IP>:8513" >> >> (I'm omitting the server IP, to avoid publicizing a server that "has no >> security") >> >> Another problem: >> $ python mnemosyne-webserver >> Traceback (most recent call last): >> File "mnemosyne-webserver", line 15, in <module> >> from openSM2sync.server import realsocket >> ImportError: No module named openSM2sync.server >> >> Worked around by setting PYTHONPATH to the top-level directory. >> >> The HTML page sent by the server has no menu, no input form, no links, no >> controls (no grade or answer buttons). Just an empty box labelled >> "Question:", an empty box labelled "Answer:", and the cryptic line "Sch.: >> 0 Not mem.: 0 Act.: 0". (Looked pretty secure to me!). At this point, I >> recalled reading one positive review: "Mnemosyne has a simple, Zen-like >> interface". While it is certainly true that a server that accepts no input >> and offers no meaningful output frees itself from the karma of cause and >> effect, I was not feeling the nirvana. Frustrated, after searching in vain >> for a clue, I finally tried ftp'ing default.db* from my laptop to the host >> and then restarting the server. Voila - flashcards and controls appeared! >> But it felt like cheating, so I tried a sync instead (trying both default >> port 8512 and web port 8513), but the server was not found. And I couldn't >> find how to start the host's sync server. Is that what is meant by "not yet >> integrated"? >> >> Also, in top-level directory, when I ran "python setup.py install --user" >> it returned: >> >> copying mnemosyne.desktop -> /usr/share/applications >> error: /usr/share/applications/**mnemosyne.desktop: Permission denied >> >> The host is Debian 6.0.5, Python 2.6.6. What am I missing? Ma Zen may be >> mysterious but, like I said, she runs the only game in town. So I will be >> pleased with a response of "You ignorant slut, it all works fine - just >> read the freakin manual". But please give me a hint where to look. >> >> Thanks! >> >> -- > You received this message because you are subscribed to the Google Groups > "mnemosyne-proj-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected] > . > To view this discussion on the web visit > https://groups.google.com/d/msg/mnemosyne-proj-users/-/42oI1jPrrVkJ. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- You received this message because you are subscribed to the Google Groups "mnemosyne-proj-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
