Security question

Get help with all aspects of SABnzbd
Forum rules
Help us help you:
  • Are you using the latest stable version of SABnzbd? Downloads page.
  • Tell us what system you run SABnzbd on.
  • Adhere to the forum rules.
  • Do you experience problems during downloading?
    Check your connection in Status and Interface settings window.
    Use Test Server in Config > Servers.
    We will probably ask you to do a test using only basic settings.
  • Do you experience problems during repair or unpacking?
    Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Post Reply
mreofmrv
Newbie
Newbie
Posts: 4
Joined: October 9th, 2014, 12:12 pm

Security question

Post by mreofmrv »

Hello,

I was wondering if, being browser based, SAB is less secure/more risky than something such as Newsbin. I'm not sure if that's a dumb question, but I thought I'd ask.

What do you do to minimize risk? I was using VyprVPN, but then my ISP blocked their IP, which got me worried for a second.

Cheers!
User avatar
shypike
Administrator
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: Security question

Post by shypike »

It's not less secure, as long as you keep all traffic local.
You do this by using "localhost" as the host address for SABnzbd.
Nothing of the user interface will exit your system.

VyprVPN and your ISP both only see the Usenet traffic, of SABnzbd and of newsbin.
mreofmrv
Newbie
Newbie
Posts: 4
Joined: October 9th, 2014, 12:12 pm

Re: Security question

Post by mreofmrv »

Thanks for the response!

Also, when enabling https, are the default key and certificate valid? I.e., is 'server' in server.cert and server.key supposed to be filled in with something else or left as is? I left them as is and I seem to be connected, I just had to make a security exception and it says it's run by 'unknown.'

Can everything in the https tab of the config general menu be left in their default values? I'm connected to SAB through an https localhost connection with everything default, using ssl ports while connected to my usenet server, and all being run through a chameleon vpn. Sound good? Sorry if all of this is dumb.
User avatar
shypike
Administrator
Administrator
Posts: 19774
Joined: January 18th, 2008, 12:49 pm

Re: Security question

Post by shypike »

mreofmrv wrote: are the default key and certificate valid?
It's usable, but it's not an official certificate. It cannot be.
Firefox allows you to store a permanent exception for such a certificate,
but other browsers are rather paranoid about it.
mreofmrv wrote: Can everything in the https tab of the config general menu be left in their default values?
HTTPS for the internal server and SSL for usenet are completely separated.
As long as you're not leaving your home network, there's no need to use HTTPS.
SSL for Usenet is always recommended, otherwise the password of your Usenet account will be sent as plain text.
Post Reply