Mailing List Archive

This is specified in the .htaccess file inthe mythweb2 directory. You can delete the line if you don#8217;t wantthe security, or add the appropriate .htpasswd file to your Apache setup.





-----Original Message-----
From:mythtv-users-bounces@mythtv.org [mailto:mythtv-users-bounces@mythtv.org] On Behalf Of Chris Germano
Sent: Thursday, August 07, 20031:48 PM
To: mythtv-users@snowman.net
Subject: [mythtv-users] mythweb2login and password?!



I just downloaded the latest cvs of mythweb2 and copied it over.However now when I goto the url I get a login screen asking for a password andusername for MythTV. Anybody have a clue what it is by default or where tochange it? There is no mention of this in the readme I am kind of lost here. MyMythTV installation is a about 2 weeks old (CVS) as I am out of the country andnoticed that my mythweb became screwed up for some reason and I'm trying to getthe new one to work lol.






---------------------------------


Add photos to your e-mail with MSN 8. Get 2 months FREE*.




---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software

> I just downloaded the latest cvs of mythweb2 and copied it over.
> However now when I goto the url I get a login screen asking for a
> password and username for MythTV.

Ick. I hadn't heard any complaints about this, so I had assumed that
since the htpasswd file wasn't present, it was just being ignored.

Anyway, as Alan said, the info is in .htaccess. Either pull it out, or
create your own htpasswd file with (of all things) the htpasswd program.

And on that note, what do people think. I use a password (and ssl)
because my mythweb stuff is open to the world (so I can set up
recordings while out of town, etc). I can remove this stuff from the
.htaccess file in cvs if too many people find it to be a hassle, or I
can add instructions to the README about how to create passwords (since
it is a nice security feature).

-Chris

_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users

On Thursday 07 August 2003 02:48 pm, Chris Petersen wrote:
> Ick. I hadn't heard any complaints about this, so I had assumed that
> since the htpasswd file wasn't present, it was just being ignored.
>
> Anyway, as Alan said, the info is in .htaccess. Either pull it out, or
> create your own htpasswd file with (of all things) the htpasswd program.
>
> And on that note, what do people think. I use a password (and ssl)
> because my mythweb stuff is open to the world (so I can set up
> recordings while out of town, etc). I can remove this stuff from the
> .htaccess file in cvs if too many people find it to be a hassle, or I
> can add instructions to the README about how to create passwords (since
> it is a nice security feature).

I'd prefer it if it were disabled in CVS, with instructions on how to enable
it.

Isaac
_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users

I like the idea of pointing out the security potential
by forcing people to deal
with it, but it does violate the works-out-of-the-box
philosophy. So perhaps a
commented-out line in the distributed .htaccess and
inclusion in the README is
best.



> -----Original Message-----
> From: mythtv-users-bounces@mythtv.org
[mailto:mythtv-users-bounces@mythtv.org]
> On Behalf Of Isaac Richards
> Sent: Thursday, August 07, 2003 2:51 PM
> To: Discussion about mythtv
> Subject: Re: [mythtv-users] mythweb2 login and
password?!
>
> On Thursday 07 August 2003 02:48 pm, Chris Petersen
wrote:
>
> > Ick. I hadn't heard any complaints about this, so
I had assumed that
>
> > since the htpasswd file wasn't present, it was
just being ignored.
>
> >
>
> > Anyway, as Alan said, the info is in .htaccess.
Either pull it out, or
>
> > create your own htpasswd file with (of all things)
the htpasswd program.
>
> >
>
> > And on that note, what do people think. I use a
password (and ssl)
>
> > because my mythweb stuff is open to the world (so
I can set up
>
> > recordings while out of town, etc). I can remove
this stuff from the
>
> > .htaccess file in cvs if too many people find it
to be a hassle, or I
>
> > can add instructions to the README about how to
create passwords (since
>
> > it is a nice security feature).
>
>
>
> I'd prefer it if it were disabled in CVS, with
instructions on how to enable
>
> it.
>
>
>
> Isaac
>
> _______________________________________________
>
> mythtv-users mailing list
>
> mythtv-users@mythtv.org
>
>
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

> Ick. I hadn't heard any complaints about this, so I had assumed that
> since the htpasswd file wasn't present, it was just being ignored.

I meant to complain about it myself, but found it easier to just delete the
.htaccess file ;)
-dane

_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users

> I meant to complain about it myself, but found it easier to just delete the
> .htaccess file ;)

Except that there's more in that .htaccess file than just the password
stuff. Some of which is actually used to override default php.ini
settings.

I'll pull out the password stuff when I get home from work.

_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users

On Thu, Aug 07, 2003 at 11:48:08AM -0700, Chris Petersen wrote:
> And on that note, what do people think. I use a password (and ssl)
> because my mythweb stuff is open to the world (so I can set up
> recordings while out of town, etc). I can remove this stuff from the
> .htaccess file in cvs if too many people find it to be a hassle, or I
> can add instructions to the README about how to create passwords (since
> it is a nice security feature).
>
> -Chris

I just have it set to block/allow based on ip. Maybe you could
just make the default htaccess do something like this:

alias /tv /data/src/myth/mythweb
<Directory /data/src/myth/mythweb>
order deny,allow
deny from all
allow from 127.0.0.0/255.0.0.0
allow from 192.168.1.0/255.255.255.0
allow from 10.0.0.0/255.0.0.0
Options Indexes FollowSymLinks
AllowOverride Authconfig Limit
</Directory>

--
-Justin

> I'd prefer it if it were disabled in CVS, with instructions on how to enable
> it.

makes sense. done. I'll update README in a bit.

on that note, I added a .cvsignore with ".htaccess" in it, so that my
commits don't re-enable the auth stuff. but for some reason, it's still
sending .htaccess to the server. any suggestions?

-Chris

_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users

On Friday 08 August 2003 02:17 am, Chris Petersen wrote:
> > I'd prefer it if it were disabled in CVS, with instructions on how to
> > enable it.
>
> makes sense. done. I'll update README in a bit.
>
> on that note, I added a .cvsignore with ".htaccess" in it, so that my
> commits don't re-enable the auth stuff. but for some reason, it's still
> sending .htaccess to the server. any suggestions?

Sorry, I'm not sure -- I don't think .cvsignore is meant to do anything
besides ignore things that aren't supposed to be in the repository, and since
that file's in there already...

Isaac
_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users

> Sorry, I'm not sure -- I don't think .cvsignore is meant to do anything
> besides ignore things that aren't supposed to be in the repository, and since
> that file's in there already...

Guess I just write a script to do the checkin for me.. no biggie.

-Chris

_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users