Guest access for viewing/downloading pictures #182
Comments
Maybe also aside #118. It's nothing I am currently able to do... Missing knowledge/skills in that direction
Yeah, but TBH I do not consider a login/authentication feature that important for this software. Or let me put it another way: Currently PB is not meant to be publicly exposed (i.e. reachable from the internet). If this was a requirement, not only authentication/authorization would have to be added but a general auditing/hardening would be required. I'm pretty sure that plenty of exploits/attack vectors could be successfully applied to the current state of the code. I personally do not consider that a big deal, as long as it is clearly stated that it is meant to be used in an offline environment only. Assuming that, it should be sufficient to restrict the admin area to certain IPs (as a first step), which should also be quite straightforward to implement.
Adding a check to check for localhost or defined IP, if not matching open gallery.php?
Sorry, but I do not agree that this is a duplicate of #39 and the webserver config only solves part of the problem. The use case I'm referring to/want to solve with this feature request is to allow guests to access PB via their mobile devices and download pictures. But obviously they must not be allowed to print, take a picture or access the admin area. Edit: I mixed up #39 and #118 - alright, one could consider this a dup of #39 but I believe that "my" approach better suits the typical PB requirements/use cases. Plus, this feature request addresses another currently existing actual problem: Everyone knowing the IP of PB can print and take pictures (from remote).
We could also leave this open, but I think in both cases it's about authorization and if you fix one, you automatically fix the other. Hope this is ok for you.
Yes and no. :-) The login authentication fix would not solve the problem that remote users can still print and take pictures. Unless the "master" device has to authenticate too, but I don't think that someone wants to log in on the iPad installed in the booth. ;-) Hence, I believe that doing this on an IP level is the easiest approach and security-wise it should be sufficient unless "being online" gets a requirement.
Is your feature request related to a problem? Please describe.
When using PhotoBooth in a "hotspot-environment" it should be possible to differentiate between devices with elevated privileges (typically "localhost" and/or a tablet used in the booth) and "guest devices" (all other devices accessing PB). The latter ones should only have access to the gallery. They must not be able to take or print but only view and download photos (this would also require #7).
Describe the solution you'd like
Create a new config option à la privileged_devices defaulting to 127.0.0.1. Multiple devices can be added.
gallery.php should be the landing page for them).
Describe alternatives you've considered
This could also be implemented on Nginx (as a temporary workaround).
Additional context
(I might be able to implement this myself but wanted to discuss this first :) )
Depends-on: #183
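
An added example (not part of the original issue and not code from the PhotoBooth project) of the IP-level check discussed in this thread: a guard that sends any client not listed in privileged_devices to gallery.php. The helper names pack_ip and is_privileged and the sample allowlist are assumptions, and the CIDR and IPv6 handling goes beyond what the request asks for.

```php
<?php
// Added example with hypothetical helper names; not code from the PhotoBooth project.

// Pack an address to bytes; IPv4-mapped IPv6 (::ffff:a.b.c.d) is reduced to plain IPv4.
function pack_ip(string $ip): ?string
{
    $bin = @inet_pton($ip);
    if ($bin === false) {
        return null;
    }
    $mapped = str_repeat("\x00", 10) . "\xff\xff";
    return (strlen($bin) === 16 && substr($bin, 0, 12) === $mapped) ? substr($bin, 12) : $bin;
}

// True if $ip equals an allowlist entry or lies inside a CIDR entry such as 192.168.4.0/24.
function is_privileged(string $ip, array $allowlist): bool
{
    $addr = pack_ip($ip);
    if ($addr === null) {
        return false; // unparsable peer address: treat as guest
    }
    foreach ($allowlist as $entry) {
        $parts = explode('/', $entry, 2);
        $net = pack_ip($parts[0]);
        if ($net === null || strlen($net) !== strlen($addr)) {
            continue; // malformed entry or other address family
        }
        if (isset($parts[1]) && !ctype_digit($parts[1])) {
            continue; // reject "/abc" instead of letting it cast to /0
        }
        $maxBits = strlen($net) * 8;
        $bits = isset($parts[1]) ? (int) $parts[1] : $maxBits;
        if ($bits > $maxBits) { continue; }
        $full = intdiv($bits, 8); // whole bytes covered by the prefix
        $rem = $bits % 8;         // leftover bits in the next byte
        if (substr($addr, 0, $full) !== substr($net, 0, $full)) { continue; }
        if ($rem === 0) { return true; }
        $mask = (0xff << (8 - $rem)) & 0xff;
        if ((ord($addr[$full]) & $mask) === (ord($net[$full]) & $mask)) { return true; }
    }
    return false;
}

// Constructed sample value for the proposed privileged_devices option.
$privilegedDevices = ['127.0.0.1', '::1', '192.168.4.10'];
// Use the TCP peer address only; X-Forwarded-For is client-controlled.
if (!is_privileged($_SERVER['REMOTE_ADDR'] ?? '', $privilegedDevices)) {
    header('Location: gallery.php');
    exit;
}
```

The guard has to run in every script that takes or prints a picture or serves the admin area, not only on the landing page, since a guest can request those URLs directly. If PHP sits behind a reverse proxy on the same machine, every request arrives from 127.0.0.1 and the check passes for all clients.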