Quote:
Originally Posted by kovidgoyal
|
In that case, it would be nice if you could add the following radio buttons (choose only one) for Content Server write permissions:
- Allow write for all users
- Deny write for all users
- Allow/Deny write for users based on user profile (implies that user profiles MUST be in use)
Additionally, it would be nice if you'd allow the following radio buttons (again, choose only one):
- No authentication for all users
- Authentication required for all users (individual passwords defined in each user profile, but can be null)
And in the user profile the choice:
- Allow user to change their password
- Password can only be changed by Calibre administrator
Thus, you could define a "guest" login, without password, that has only read permissions. I'm not saying this is wise, given the potential for copyright violations. But some Calibre administrators may want to make books they personally have written available for free, thus copyright is not an issue. You never really know how Calibre will be used in the wild.
I remember in a different thread I mentioned something about allowing user profiles without authentication (because I was planning to provide my own, as demonstrated in this thread) and you replied that you wouldn't do that, because it wasn't secure and administrators could inadvertently cause copyright violations. But I might counter this by saying that if you don't set up user profiles at all, then it certainly isn't secure either, since there is no authentication in that case. And the single authentication method you do provide is login/password, which is the most easily abused by users, most easily hacked by bad guys, and weakest form of authentication available anywhere. Plus, these logins/passwords are sent in the clear I assume, so a man-in-the-middle with a packet sniffer gains access too (I didn't do any testing/sniffing to see if this is indeed the case, but I'm postulating that it probably is). I would be happy to see a big bold warning in Calibre reminding people that they should not have the Content Server available in the internet-at-large without authentication, and passwords should be of decent length and complexity. But leave it as a warning/suggestion, not a mandatory configuration. Some administrators may want to enforce better security (maybe with reverse proxy and client certs, maybe with VPN, whatever). Let them. And some may want to tempt fate and have no security at all. Well, ... let them too. It also seems inconsistent to enforce login/password if user profiles are enabled, but not enforce it if profiles are not used.
Don't get me wrong - I'm not complaining, I'm just making a suggestion. I think Calibre is one of the best thought out and best implemented pieces of software I have ever had the pleasure of using.