‼️ REQUEST: Html based Web UI Authentication - to fix broken login via Hereshere and DeoVR 🔐 #1933
Comments
xXSalamanderXx
changed the title
xXSalamanderXx
changed the title
|
You can set a whitelist rule on your XBVR server's firewall to only allow your VR headset's IP as the only machine allowed to connect to XBVR's port. Setting a static IP on your VR headset would also prevent any connection issues from your IP changing. Changing the default port would also make it harder to determine what port XBVR is running on. Also this should work. I don't use so unsure of the steps on setting it up(Above the circled bit, old photo)
|
|
Thanks for your reply. Unfortunately the shared player authentication doesn't stop access to the WebUI itself. It only really prevents people loading the VR Player in heresphere. You still have full view of the entire xbvr server. So I find that authentication quite pointless. I have set a different port number, and can play around with the IP restrictions so thanks for that suggestion. However that's still a work-around, to this missing feature. Ideally a simple web interface to login would solve all this hassle. It doesn't seem very hard to implement, I almost got one working and have little experience with this stuff. Thanks anyway 👍 |
|
You would have to use that in addition to the UI_USERNAME and UI_PASSWORD variable. I would count XBVR a very low risk application to be discovered. Especially if you change the default port assignment to something unused and random. You would know if someone was port scanning your server to find what port XBVR is on(There are 32k for server use). And if you turn off DNLA XBVR doesn't broadcast it's presence. And if you prevent WAN traffic from accessing your sever you only have local traffic to worry about. Part of the problem is how different applications interface with XBVR. You have hersphere API, you have deoVR API and then you WebUI traffic. And password protection is not something you shortcut. P.S XBVR only uses HTTP so any password would be sent in the free and clear defeating the whole purpose of password protection. And that is something the Devs have stated they won't fix |
|
I agree the web interface needs a web login. Password protection should be step 0 of a porn app and pretty basic to implement. As far as I can tell this app is built on top of or in parallel with Stash (https://github.com/stashapp/stash) which has this exact feature already built in. It's open source, they can just rip the code. |
|
Yeah my thoughts exactly. 🤦🏻♂️ |
The current method for UI Authentication using UI_USERNAME and UI_PASSWORD environment variables is incompatible with Heresphere and DeoVR. It just returns a page load error, instead of showing the login prompt. Can it please be considered to use the Web UI for the login screen aswell, to fix this issue.
Original Post before finding out about UI_USERNAME, UI_PASSWORD environment variables.
I think this is seriously one of the most vital features for this 'type' of app. The fact anyone can access the Web UI on your local network is abit insane to me. It defeats the purpose of having authentication via hereshere etc. I've been trying for days to make my own authentication front end, and losing my mind over it. Can this feature please be added - for the sake of people who live with other tech savvy individuals! Thankyou
The text was updated successfully, but these errors were encountered: