Hello,
I was wondering if, being browser based, SAB is less secure/more risky than something such as Newsbin. I'm not sure if that's a dumb question, but I thought I'd ask.
What do you do to minimize risk? I was using VyprVPN, but then my ISP blocked their IP, which got me worried for a second.
Cheers!
Security question
Forum rules
Help us help you:
Help us help you:
- Are you using the latest stable version of SABnzbd? Downloads page.
- Tell us what system you run SABnzbd on.
- Adhere to the forum rules.
- Do you experience problems during downloading?
Check your connection in Status and Interface settings window.
Use Test Server in Config > Servers.
We will probably ask you to do a test using only basic settings. - Do you experience problems during repair or unpacking?
Enable +Debug logging in the Status and Interface settings window and share the relevant parts of the log here using [ code ] sections.
Re: Security question
It's not less secure, as long as you keep all traffic local.
You do this by using "localhost" as the host address for SABnzbd.
Nothing of the user interface will exit your system.
VyprVPN and your ISP both only see the Usenet traffic, of SABnzbd and of newsbin.
You do this by using "localhost" as the host address for SABnzbd.
Nothing of the user interface will exit your system.
VyprVPN and your ISP both only see the Usenet traffic, of SABnzbd and of newsbin.
Re: Security question
Thanks for the response!
Also, when enabling https, are the default key and certificate valid? I.e., is 'server' in server.cert and server.key supposed to be filled in with something else or left as is? I left them as is and I seem to be connected, I just had to make a security exception and it says it's run by 'unknown.'
Can everything in the https tab of the config general menu be left in their default values? I'm connected to SAB through an https localhost connection with everything default, using ssl ports while connected to my usenet server, and all being run through a chameleon vpn. Sound good? Sorry if all of this is dumb.
Also, when enabling https, are the default key and certificate valid? I.e., is 'server' in server.cert and server.key supposed to be filled in with something else or left as is? I left them as is and I seem to be connected, I just had to make a security exception and it says it's run by 'unknown.'
Can everything in the https tab of the config general menu be left in their default values? I'm connected to SAB through an https localhost connection with everything default, using ssl ports while connected to my usenet server, and all being run through a chameleon vpn. Sound good? Sorry if all of this is dumb.
Re: Security question
It's usable, but it's not an official certificate. It cannot be.mreofmrv wrote: are the default key and certificate valid?
Firefox allows you to store a permanent exception for such a certificate,
but other browsers are rather paranoid about it.
HTTPS for the internal server and SSL for usenet are completely separated.mreofmrv wrote: Can everything in the https tab of the config general menu be left in their default values?
As long as you're not leaving your home network, there's no need to use HTTPS.
SSL for Usenet is always recommended, otherwise the password of your Usenet account will be sent as plain text.