I host my sabnzbd on a port open to the world, for the convenience of accessing it anywhere. I've put up a username/password to make this less of an enormous security hole.
As a matter of convenience, is it possible to add ip-based exemptions to requiring the login credentials? For example, adding an exemption so I can just open the web page on the actual machine without requiring credentials? I think this would more or less be the best possibility and the most flexible (useful in situations beside mine, especially since you could exempt local host and not need credentials for any extensions)
If that's not possible, is there any way to do it based on whether SAB is being access via loopback, internal ip or externally? That would give less fine grained control, but might be easier to implement.
I'm not sure how plausible this is, since v5 is using http auth, but I figure I can't be the only one who might find something like this useful.
Per-IP exemptions for login
-
- Release Testers
- Posts: 181
- Joined: January 30th, 2009, 12:26 pm
Re: Per-IP exemptions for login
I'd also like this. But this kind of stuff is never top of the list for devs =/
As a workaround, you could set up a local apache server and use that to require and manage accounts and authentication, disabling the in-built sab password access.
I plan to do this myself sometime, adding full user auth designed for SAB with php and mysql.
Something else worth mentioning (in case you aren't aware) is that you can bookmark and access sab with the credentials in the url, so you don't have to input them manually all the time.
In firefox, a security alert pops up making sure you intend to log into x with y and z, which is annoying. There is a way to disable this warning (at the cost of some security) which I'll find, if you're interested.
Again, not quite what you're asking for but something that you might find useful is autoauth, a firefox extension.
It automatically submits any http auth if there are saved credentials. I use this, because I have sab as a permanent tab in my browser. When I open firefox autoauth works and I don't have to sit around submitting credentials to 30 odd tabs that require authentication.
Hopefully this might help.
As a workaround, you could set up a local apache server and use that to require and manage accounts and authentication, disabling the in-built sab password access.
I plan to do this myself sometime, adding full user auth designed for SAB with php and mysql.
Something else worth mentioning (in case you aren't aware) is that you can bookmark and access sab with the credentials in the url, so you don't have to input them manually all the time.
In firefox, a security alert pops up making sure you intend to log into x with y and z, which is annoying. There is a way to disable this warning (at the cost of some security) which I'll find, if you're interested.
Again, not quite what you're asking for but something that you might find useful is autoauth, a firefox extension.
It automatically submits any http auth if there are saved credentials. I use this, because I have sab as a permanent tab in my browser. When I open firefox autoauth works and I don't have to sit around submitting credentials to 30 odd tabs that require authentication.
Hopefully this might help.
Re: Per-IP exemptions for login
There already a request in our tracker asking for cookie-based savng of
login credentials. The way most sites do that.
This should lessen this problem.
login credentials. The way most sites do that.
This should lessen this problem.