Brad wrote: > > On Thu, Jan 06, 2005 at 06:11:22PM -0600, Kevin Kuphal wrote: > > It'd sure be nice if there was a way for a mythfrontend to discover > > all > > the settings needed on a network. Something like > > Rendevous/ZeroConf/UPnP. Does anyone who runs KnoppMyth in > this way > > know what all the settings are that are asked for on boot? > Is it just > > the address of the master backend or are there more? > > Strictly, it's the address of the database server, which then > reveals the address of the master backend and other backends. > > Indeed, discovery and plug and play are very useful ideas, > and no doubt are on the feature list somewhere. > > You can't really discover SQL servers without opening up > their security > more than people like. So what would make sense would be for the > master backend to listen for broadcast packets on a port, and > respond to them with config info for frontends and other backends.
>From a 'proper' security point of view you don't want your database to be findable, however from a 'I'm running this on a private network with a decent firewall/no internet connection and no important information saved' point of view it would be nice to have the option. <snip> > > The most secure way to do it and still be close to ZUI is as follows. > > a) Client boots up. > > b) Master backend prompts somebody (a trusted client, or a user on the > backend) saying, "1 and exactly 1 new clients have asked for > access. Grant it?" > > c) You say yes, and you can be (generally) sure you're only > giving access to the machine you just brought up. > > Ideally the front end machine is able to store something > somewhere (or have its own password as a key to data in the > database) so it doesn't have to follow this procedure every > time in boots. Better than that why not do it by MAC address recognition, first time a machine pops up the backend asks if you want to allow it, if you say yes that MAC/IP is stored. Next time it pops up it will go oh yes I grant access to that one. If it fails it could *then* ask for the username/password/backend IP, that would then work for dual boot machines[1]/windows machines. Regards David [1]Or any other risky machines you might not want to automatically pass the DB password to.
_______________________________________________ mythtv-users mailing list [email protected] http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
