Data Security

Posted by: TedP

Data Security - 23/01/2002 10:22

Just wondering, when plugged into a network: is there any way to protect the data on the Rio? I just thought of this after installing Hijack, and being able to FTP into the box from anywhere!

Is there a way to enable logons, or to set file permissions?

Not that I'm paranoid or anything...
-ted
Posted by: wfaulk

Re: Data Security - 23/01/2002 10:26

Not right now. Even prior to Hijack and its FTP/HTTP server, you could, and can, connect from anywhere to the empeg via Emplode, even, conceivably, over the Internet, with no auth.

Oh -- and file permissions don't make sense even beyond that, because there are no users other than root.
Posted by: ClownBurner

Re: Data Security - 23/01/2002 10:31

A good recommendation is to set the Empeg address to something unroutable and limit access that way. Not setting a default gateway on the player goes some way towards limiting remote access too.

See "accessing the player on a different subnet than the PC" here in the FAQ.
Posted by: tfabris

Re: Data Security - 23/01/2002 11:11

I could have sworn they were implementing password security in Emplode with version 2.0.

Wait, maybe that was only for the Jupiter... Now I'm confused!
Posted by: peter

Re: Data Security - 23/01/2002 11:22

Wait, maybe that was only for the Jupiter

It was only for the Jupiter. I think that you alpha mateys once accidentally got a car release with it enabled, but that was a bug.

Peter
Posted by: tonyc

Re: Data Security - 23/01/2002 12:14

Umm what's the Jupiter? Is that the super 31337 code word for the HSX?
Posted by: tfabris

Re: Data Security - 23/01/2002 12:45

Umm what's the Jupiter? Is that the super 31337 code word for the HSX?

Yes. See here.
Posted by: tonyc

Re: Data Security - 23/01/2002 12:57

Okay then I guess the follow-up question would be why would Emplode have a nice password protection/security feature only for the one product and not the other?
Posted by: tfabris

Re: Data Security - 23/01/2002 13:02

why would Emplode have a nice password protection/security feature only for the one product and not the other?

Because the feature needs to work at both ends of the connection. In both Emplode and in the player software. The car player software doesn't have it working yet.
Posted by: tonyc

Re: Data Security - 23/01/2002 13:04

Gotcha. I kinda thought since there was reuse between the player software on the two platforms, that the security component might be included. Guess not.
Posted by: tfabris

Re: Data Security - 23/01/2002 13:07

I kinda thought since there was reuse between the player software on the two platforms, that the security component might be included.

There is, to a certain degree. But not every feature is duplicated across platforms, as there are significant differences between them.
Posted by: tonyc

Re: Data Security - 23/01/2002 13:15

I know not everything can be reused, but as someone who writes netcentric security software, I don't see why the authentication scheme needs to be tied to the specific platform. It's best to abstract session/security layer activities from any presentation logic. It doesn't always happen that way but most of the UI stuff would be on the Emplode side (entering the password to connect, setting the password, etc) and the player would just be responsible for comparing what the user enters (or an encrypted/hashed version of it) to what it has in its config file. Why would that be different between them?
Posted by: drakino

Re: Data Security - 23/01/2002 13:26

Because if it's done that way, the player is still accessible via JEmplode/emptool unless similar locks are put there. Putting a mandatory password block on the player to access the database would seem to be a solution, but then it has to be implemented in JEmplode and emptool.

I'm guessing empeg would want to implement a secure solution, instead of one that simply looks secure from one program. Building the HSX from the ground up made that much more possible, compared to the empeg code base starting on a device that couldn't speak ethernet. Plus the fact that the HSX will most likely be connected all the time...
Posted by: tonyc

Re: Data Security - 23/01/2002 13:35

Putting a mandatory access block on the player to access the database is exactly what I was talking about. I don't think anyone was suggesting that only Emplode needs to present a password, and other clients (JEmplode etc) would get carte blanche. Obviously the player would have to be the gatekeeper and, if so configured, reject all clients that don't present a password.

I dunno. It's not as much of a concern as the machines I work with here at work. I'd much rather see cool new visualizations and such than password protection.
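The device-side gatekeeper discussed in the last few posts, sketched as an added example; it is not part of the thread and not empeg code. The `salt$hash` config format, the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000  # assumed work factor, not an empeg setting


def make_config_entry(password: str) -> str:
    """Build the hypothetical 'salt$hash' value stored in the player's config file."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"{salt.hex()}${digest.hex()}"


def client_allowed(config_entry, presented):
    """Decide on the player whether a connection may proceed.

    The check lives on the device, so it applies identically to every
    client program; the client only supplies the password.
    """
    if config_entry is None:
        return True            # no password configured: open access
    if presented is None:
        return False           # password configured, client sent none
    try:
        salt_hex, digest_hex = config_entry.split("$")
        salt = bytes.fromhex(salt_hex)
        stored = bytes.fromhex(digest_hex)
    except ValueError:
        return False           # malformed config entry: fail closed
    candidate = hashlib.pbkdf2_hmac("sha256", presented.encode(), salt, PBKDF2_ROUNDS)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    entry = make_config_entry("constructed-sample-password")
    # Constructed sample connections: (client name, password presented)
    attempts = [
        ("client-a", "constructed-sample-password"),
        ("client-b", None),
        ("client-c", "wrong-guess"),
    ]
    for client, password in attempts:
        verdict = "accept" if client_allowed(entry, password) else "reject"
        print(f"{client}: {verdict}")
```

This only decides admission on the player; it does not protect the password while it crosses the network.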