Thread: Content Server
View Single Post
Old 12-30-2012, 05:05 AM   #11
chaley
"chaley", not "charley"
chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.chaley ought to be getting tired of karma fortunes by now.
 
Posts: 4,988
Karma: 802238
Join Date: Jan 2010
Location: France
Device: Many android devices
Quote:
Originally Posted by roadstar View Post
This just all seems to be defeating the whole purpose of this...which is to access the library easily from any computer anywhere in the world, (either password protected or not) just like it says on the Calibre support page. I know what you're saying, but surely we don't have to worry about port forwarding on every router/computer we might have access to, "anywhere in the world" (quote).
In fact you do have to worry about these things for every network that runs a server that you want to be visible on the internet. This is fundamental to the internet. Calibre can not and really must not even try to change the situation.

In the vast majority of cases (probably more than 99.9%) a home network is private, meaning that no computer outside that home network can see into it. You can tell if a network is private if it has IP addresses that match the list that DoctorOhh supplied. Without this "restriction", security on home networks would be nil. There is an excellent chance that files on your machines would be visible. Bad guys could print on your printers, just for the fun of it. And more.

It is possible to "open" a private network. It isn't even particularly hard, once you know how. The link that DoctorOhh provided discusses many of the issues. That said, one must be very careful not to let the bad guys in. There are people who run "scanners" on a full-time basis, looking for openings in networks behind every IP address in the world, then trying to exploit openings when found in multitudes of ways. I manage servers that get probed more than 50 times per day. The bad guys are very smart, and there are a tremendous lot of them.

I refuse to open my private (home) network. For me, the risks are too high. However, like many people I do want my content server to be visible when I am out and about, for example when using 3G connections on my phone. My solution: rent time on a server in someone's data center (in my case cheapvps.co.uk) and run my content server there. Put nothing else of interest on that server. I use dropbox as the transport to ensure that library changes I make at home are propagated to my internet-visible server. I use apache reverse-proxy to manage password access, giving each user (members of my immediate family) individual passwords. Given my experiences with the cleverness of bad guys I don't think that I am exhibiting excessive paranoia. YMMV.
chaley is offline   Reply With Quote