fzwoch / obs-teleport

An OBS Studio plugin for an open NDI-like replacement. Pretty simple, straightforward. No NDI compatibility in any form.
GNU General Public License v2.0

needs to have open Firewall on Sender-side #28

Closed PipeL1n3 closed 2 years ago

PipeL1n3 commented 2 years ago

In case discovery is working, but no video or audio is transmitted make sure to disable the network firewall on the sender.

Well, it's a way to let things work, but to push this plugin in a more professional direction it would be great to have some info or a how-to on keeping things running with firewalls active (on both the sending and receiving PC). What's used for discovery? mDNS? Are there ports that have to be opened for the receiver to grab a stream from the sender? (I think this might be the way it's working.) How to change these standard ports in case of collision? If there is more than one, how to predict which will be chosen (to only open exactly this one)?

Don't get me wrong, I am aware this is only for LAN use, but not all LANs we're in are completely trustworthy, esp. if your setup is mobile. Also there might be compromised PCs on the LAN trying to use some leaking services on PCs; if they're not accessible in the first place, it would improve security.

fzwoch commented 2 years ago

This project really aims to have a simple, easy to use solution for this specific task. If security is a concern I'd not recommend to use this plugin in the first place as there is no encryption layer anywhere here.

If someone wants to step up, feel free to do so. I personally have no interest in spending my time on that area though.

no-connections commented 2 years ago

A plugin like this will always have security concerns since it's nested in an application that runs as admin (most of the time). I don't know how robust it is against errors and buffer overflow and that sort of thing, but as fzwoch said, treat it like an open wound and protect it accordingly. There is nothing preventing you from opening up to only a single IP in the firewall if that is your concern.

The ability to select ports to make it easier to manage firewall rules would be a good thing to have.

PipeL1n3 commented 2 years ago

I am fully aware it always will be somewhat like an "open wound", like @no-connections called it, and it's okay. It just would be great to have docs which state what ports are used and have to be opened for it to work, so we open those ones and live with the risk.

See it like that: My neighbor and I both live on the 3rd floor in houses on opposite sides of the street. To let him view my TV in the living room, I just have to open the window to the balcony. It's okay and I cannot prevent that the neighbor on the 4th floor can also watch my TV. But it's a difference to just open that window or to open all windows and the front door, so everyone who likes can step inside and take a look or watch my girlfriend bathing through the bath window :D

The ability to select ports to make it easier to manage firewall rules would be a good thing to have.

Agree

fzwoch commented 2 years ago

Sounds simpler to allow a specific host to access all ports - but I understand the desire to force it to a specific port. Although this manual port management gives me the shivers, here you go:

54a656c0d3480810a61b906aba9c90244c8f8d74 should allow setting a port.

P.S. I haven't verified if it's working correctly.

fzwoch commented 2 years ago

0.4.1 should have that option. So you can open a port on the sender's firewall accordingly.
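
The sender-side rule discussed in this thread (one fixed port, one receiver IP), as an added example that is not part of the original posts or the project's code. The port number, receiver address, OBS install path and the use of TCP are all assumptions or placeholders; the thread does not document them, and discovery traffic is not covered here.

```powershell
# Added example; every value below is a placeholder or an assumption.
$TeleportPort = 12345          # placeholder: port set via the plugin's port option (0.4.1+)
$ReceiverIp   = '192.0.2.10'   # placeholder: address of the receiving PC
$ObsPath      = 'C:\Program Files\obs-studio\bin\64bit\obs64.exe'  # assumed install path

# Allow only the receiver to reach the fixed port (TCP is an assumption).
New-NetFirewallRule -DisplayName 'obs-teleport sender (single receiver)' `
    -Direction Inbound -Action Allow -Protocol TCP `
    -LocalPort $TeleportPort -RemoteAddress $ReceiverIp `
    -Program $ObsPath -Profile Private | Out-Null

# Allow rules are additive: an older, broader rule for the same program
# would still expose every port OBS listens on. List such rules for review.
Get-NetFirewallApplicationFilter -Program $ObsPath |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        # Flag rules that accept any remote host or any local port.
        if ($addr.RemoteAddress -contains 'Any' -or $port.LocalPort -contains 'Any') {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = $addr.RemoteAddress -join ','
                LocalPort     = $port.LocalPort -join ','
            }
        }
    }
```

Run it in an elevated PowerShell session on the sender. Any rule the second command prints is broader than the scoped one and should be disabled or narrowed for the restriction to take effect.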