Subsonic Forum

forum.subsonic.org
http://forum.subsonic.org/forum/

Security

http://forum.subsonic.org/forum/viewtopic.php?f=2&t=83

Page 1 of 1

Security

PostPosted: Fri Jul 21, 2006 6:31 am
by airrob
I currently have Subsonic set up on my local network, and it's fantastic! Great job!

I am considering open it up to the outside Internet for remote access, but want to make it as secure as possible. I guess this entails creating a limited access user (on Windows XP), and restricting the user's access.

My question is: what access would that user need to what folders? Read+write+execute to c:\subsonic? (That should be configurable btw.) Read+execute access to c:\prog files\tomcat? Also, what other security measures should I consider taking?

PostPosted: Fri Jul 21, 2006 7:03 am
by sindre_mehus
Hi, and welcome to the forum :-)

You must have read/write/exec for c:\subsonic (by the way, you can configure what directory to use by specifying -Dsubsonic.home=c:\some\directory) in the command line arguments of Tomcat.

You must also have read/write/exec for c:\prog files\tomcat.

To browse your music collection and stream music I would think read/exec is enough for your music folders, but to edit tags, change cover art, add comments etc you should also have write permissions.

For further safety you should consider using SSL/HTTPS (see http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html for details). Please note that many players don't support streaming over HTTPS. Subsonic 2.8 will have a new feature for forcing streams to use HTTP, while the rest of the traffic uses HTTPS.

Sindre

PostPosted: Fri Jul 21, 2006 5:53 pm
by airrob
That sounds great - thanks so much for your prompt response!

Is there an approximate ETA for Subsonic 2.8? This month, next month, this year, etc?

PostPosted: Fri Jul 21, 2006 6:01 pm
by sindre_mehus
That's always hard to say, but I expect it to be ready in a couple of months. A beta version will be available eariler, though, maybe in a month's time.

Sindre

PostPosted: Sat Jul 22, 2006 5:36 am
by airrob
Is there any way to force HTTP streams for the interim? I have HTTPS all set up, but Winamp doesn't support HTTPS streams. I really want to open this up to the outside, but I want to make it secure.

Would I need to have a different HTTP connector on a separate port for these streams?

PostPosted: Thu Aug 03, 2006 6:43 pm
by sindre_mehus
Can't think of any interim work-around, I'm afraid (except from using a player which support HTTPS).

Yeah, you must have both HTTP and HTTPS connectors enabled.

PostPosted: Fri Aug 04, 2006 3:15 pm
by sindre_mehus
The beta version of Subsonic 2.8 is now ready. See http://forum.subsonic.org/forum/viewtopic.php?p=303

Sindre
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/