search

LogicReinc / LogicReinc.BlendFarm

A stand-alone Blender Network Renderer
GNU General Public License v3.0
412 stars 35 forks source link

request: Basic security for internet-exposed servers #76

Closed crowbait closed 11 months ago

crowbait commented 1 year ago

I have access to a powerful server, but just mid-tier components on my local machine. The use case for me is obviously running the server on my - duh - server, which would be exposed to the internet (the server is located in a commercial data center, so there is no other way).

It would be extremely useful AND I'd say quite easy to do, to just add very basic authentication. Setting a password on the server (config file?) and having the client be required to match it would be sufficient. No matter how basic it is, at least some form of authentication strikes me as an absolute must have.

LogicReinc commented 1 year ago

I agree that if it is exposed to the internet, this is an absolute must. That being said, I highly don't recommend doing that personally due to the nature of what BlendFarm does (loading blendfiles on remote computers as well as triggering executables).

But I understand your situation, and I'll see if I can add something very basic in the upcoming build. (Which will contain asset sync, ETA 1-2 weeks, but cant guarantee due to work)

crowbait commented 1 year ago

I agree that if it is exposed to the internet, this is an absolute must. That being said, I highly don't recommend doing that personally due to the nature of what BlendFarm does (loading blendfiles on remote computers as well as triggering executables).

That's exactly why we need that kind of feature. The whole idea of being able to offload work to a remote computer implies connectivity outside the local network imho. I'll be looking forward to that release then (please remember to update your docs if you include that kind of change - just a friendly reminder 🙂 ).

mistaox commented 1 year ago

You may want to look into using something like ZeroTier or Netmaker to create a Wireguard VPN. This will allow you to seamlessly connect multiple machines and address your security concerns.

LogicReinc commented 1 year ago

You may want to look into using something like ZeroTier or Netmaker to create a Wireguard VPN. This will allow you to seamlessly connect multiple machines and address your security concerns.

This is indeed to proper solution to your problem. Nevertheless I intend to add some very basic security into the protocol.

LogicReinc commented 11 months ago

Solved in upcoming 1.1.5

LogicReinc commented 11 months ago

In the ServerSettings.json for servers you can now add a property "BasicSecurityPassword": "YourPassword". You can then add this password in your client for a given node in the node settings.

Again, I do not recommend this as your sole security measure. This password is clearly not safely stored, and not safely transmitted either, so its vulnerable to a series of attacks. A VPN setup is recommended. BlendFarm assumes a safe running environment.

I'll update the FAQ with this info in the near future including these disclaimers.