Closed crowbait closed 11 months ago
I agree that if it is exposed to the internet, this is an absolute must. That being said, I highly don't recommend doing that personally due to the nature of what BlendFarm does (loading blendfiles on remote computers as well as triggering executables).
But I understand your situation, and I'll see if I can add something very basic in the upcoming build. (Which will contain asset sync, ETA 1-2 weeks, but cant guarantee due to work)
I agree that if it is exposed to the internet, this is an absolute must. That being said, I highly don't recommend doing that personally due to the nature of what BlendFarm does (loading blendfiles on remote computers as well as triggering executables).
That's exactly why we need that kind of feature. The whole idea of being able to offload work to a remote computer implies connectivity outside the local network imho. I'll be looking forward to that release then (please remember to update your docs if you include that kind of change - just a friendly reminder 🙂 ).
You may want to look into using something like ZeroTier or Netmaker to create a Wireguard VPN. This will allow you to seamlessly connect multiple machines and address your security concerns.
You may want to look into using something like ZeroTier or Netmaker to create a Wireguard VPN. This will allow you to seamlessly connect multiple machines and address your security concerns.
This is indeed to proper solution to your problem. Nevertheless I intend to add some very basic security into the protocol.
Solved in upcoming 1.1.5
In the ServerSettings.json for servers you can now add a property "BasicSecurityPassword": "YourPassword". You can then add this password in your client for a given node in the node settings.
Again, I do not recommend this as your sole security measure. This password is clearly not safely stored, and not safely transmitted either, so its vulnerable to a series of attacks. A VPN setup is recommended. BlendFarm assumes a safe running environment.
I'll update the FAQ with this info in the near future including these disclaimers.
I have access to a powerful server, but just mid-tier components on my local machine. The use case for me is obviously running the server on my - duh - server, which would be exposed to the internet (the server is located in a commercial data center, so there is no other way).
It would be extremely useful AND I'd say quite easy to do, to just add very basic authentication. Setting a password on the server (config file?) and having the client be required to match it would be sufficient. No matter how basic it is, at least some form of authentication strikes me as an absolute must have.