#1 |
Junior Member
Posts: 5
Karma: 10
Join Date: Aug 2014
Device: snesbitt
|
Requesting Help Securing a Calibre Server
All:
I am looking for advice on how to secure my calibre service. What I want is pretty basic - to have calibre on a public internet site - my private virtual server - so that my wife and I can access my library and books anywhere I have internet access. The issue I have is that I don't want to allow everyone access either to my catalog or to the contents of my library. I could, theoretically, run the calibre server with the --password option but the fundamental problem is that the password is passed on the command line which means it is visible in the process table. Not something I'm comfortable with. So, how are others securing their calibre server?
Thanks in advance,
-steve
#2 |
creator of calibre
Posts: 45,347
Karma: 27182818
Join Date: Oct 2006
Location: Mumbai, India
Device: Various
|
If someone can read the process table on your server, you are already screwed. There are literally dozens of local privilege escalation exploits on Linux.
But, if you don't want to set a password in the calibre server, reverse proxy it behind apache or nginx or whatever. Instructions on how to reverse proxy are in the user manual.
#3 |
Grand Sorcerer
Posts: 12,447
Karma: 8012886
Join Date: Jan 2010
Location: Notts, England
Device: Kobo Libra 2
|
One way to do this was discussed in the thread "How to set up a content server on a VPS?"
And to build on what Kovid said: if you allow local users then you are likely to lose control of the machine for many reasons beyond command argument sniffing. The pesky users install insecure software or worse, malware. They use bad passwords that are cracked by the daily SSH/SMTP dictionary attacks. There will be pressure to support home-directory web sites that often open security holes. And so on.
#4 |
Junior Member
Posts: 5
Karma: 10
Join Date: Aug 2014
Device: snesbitt
|
Thanks for the input
While I agree that having user accounts on a web server is a bad idea - and I don't plan on doing it - and that any system breach opens a number of vulnerabilities, the idea of a password in the process table that is accessible to any account at any level still strikes me as a needless vulnerability.
I have actually gone down the path of a reverse proxy using NGINX and basic authorization. The problem I'm running into here is that after successful log in, all further access to the calibre server generates an access error log message. Access is still allowed, but my error log is full of crap. If anyone has successfully placed calibre behind Nginx, I would be most appreciative to look at the NGINX configuration.
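The process-table exposure discussed in this thread can be audited on a Linux host. The following is an added example, not part of any post and not calibre's own code: it reads each process's NUL-separated argv from `/proc/<pid>/cmdline` and reports secret-bearing flags with the value redacted. The flags `--passwd` and `--token`, the sample command line and the function names are assumptions for illustration.

```python
import os

# Flags whose value is a secret. --password is the calibre server option
# named in the thread; the other two are assumptions added for illustration.
SECRET_FLAGS = ("--password", "--passwd", "--token")

def parse_cmdline(raw):
    """Split the NUL-separated argv stored in /proc/<pid>/cmdline."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def find_secret_args(argv):
    """Return (flag, redacted_value) pairs for secret-bearing arguments.
    Handles both '--password VALUE' and '--password=VALUE'."""
    hits = []
    for i, arg in enumerate(argv):
        flag, sep, value = arg.partition("=")
        if flag not in SECRET_FLAGS:
            continue
        if not sep:  # the value is the next argv element, if there is one
            value = argv[i + 1] if i + 1 < len(argv) else ""
        hits.append((flag, "*" * len(value)))  # never echo the secret itself
    return hits

def scan_proc(proc_root="/proc"):
    """Audit every process whose cmdline the current user can read."""
    findings = {}
    if not os.path.isdir(proc_root):  # not Linux, or /proc not mounted
        return findings
    for entry in os.listdir(proc_root):
        if not entry.isdigit():  # skip non-PID entries such as 'self'
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                argv = parse_cmdline(fh.read())
        except OSError:  # process exited meanwhile, or file not readable
            continue
        hits = find_secret_args(argv)
        if hits:
            findings[int(entry)] = (argv[0], hits)
    return findings

# Constructed sample: the bytes /proc/<pid>/cmdline would hold for a server
# started with the password on the command line.
SAMPLE = b"\0".join([b"calibre-server", b"--port", b"8080",
                     b"--password", b"s3cret"]) + b"\0"

if __name__ == "__main__":
    print(find_secret_args(parse_cmdline(SAMPLE)))
    for pid, (exe, hits) in sorted(scan_proc().items()):
        print(pid, exe, hits)
```

Run as an unprivileged account, an empty result from `scan_proc()` means no process readable by that account carries one of the listed flags in its arguments.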
#5 |
Grand Sorcerer
Posts: 12,447
Karma: 8012886
Join Date: Jan 2010
Location: Notts, England
Device: Kobo Libra 2
|
Quote:
|
|