UMS and security

Announcements about Universal Media Server
User avatar
SharkHunter
Developer
Posts: 648
Joined: Fri Jun 01, 2012 9:36 pm

UMS and security

Post by SharkHunter »

UMS is a DLNA server (as you might know). Now DLNA is a protocol that doesn't have any real notion of a "user". You don't have to "logon" to your TV for example. This leads to that all renders gets access to the same data. This might not be what you want. For example if you have two folders kids_safe and kids_unsafe you might want restrict the renders in the kids room to only have access to the kids_safe folder. UMS provides a number of methods to control the access, described in detail under UMS and security in the wiki.
Last edited by infidel on Sun Mar 20, 2016 4:54 am, edited 1 time in total.
Reason: removed descriptions and linked to wiki for consistency
We reject: kings, presidents and voting.
We believe in: rough consensus and running code.
INAX93
Posts: 5
Joined: Wed Sep 24, 2014 8:03 am

Re: UMS and security

Post by INAX93 »

SharkHunter wrote: [*]Pin-code
All the above methods restricts access from various renders. But if you can get access to a render that is allowed to see a folder those methods will not help you (if the kids has access to the living room tv which have access to all media then they have access to that media). The Pin-code solves this issue. It allows you to hide folders/media behind a pin code which you must enter FROM the render. By default the input is a sequence of digits (0-9) just like an ATM code. I strongly suggests that you use digit based codes as it becomes hard to "type" in from the render. But if you are extra paranoid you can add letters. It works as follows:
Add a file called UMS.codes to the same dir as your UMS.conf and to that file add add
regexp,code
where regexp is a regular expression just like in UMS.deny and code is the code that will grant access to the folder/media.
There is no length regulation on the code.
For example:
*.private.*,1234
Will force you to enter a code if the folder/media contains the word "private" and the correct code is 1234.
The code then stays vaild for 4 hours (if you don't change that time).
[/*]
[/list]
Hi ! just tryed to add a pin code on a folder nammed "777" by creating the UMS.codes with "*.777.*,1234" in it... ( in the same dir as the UMS.conf ) and it does not do anything... do i need to do something in the UMS.conf to enable the use of UMS.codes?
Another point, if you can help me make it work, do you think i can add a pin code to the "server settings" folder ?

thanks for your help.
User avatar
SharkHunter
Developer
Posts: 648
Joined: Fri Jun 01, 2012 9:36 pm

Re: UMS and security

Post by SharkHunter »

The Code Stuff is only added in the 5.0 branch and not released yet (not even as alpha) but I documented it first because you can build the 5.0 branch yourself and then use this feature.
We reject: kings, presidents and voting.
We believe in: rough consensus and running code.
INAX93
Posts: 5
Joined: Wed Sep 24, 2014 8:03 am

Re: UMS and security

Post by INAX93 »

SharkHunter wrote:The Code Stuff is only added in the 5.0 branch and not released yet (not even as alpha) but I documented it first because you can build the 5.0 branch yourself and then use this feature.
Oh ok! I understand why now... :)
will the v5 be released soon?

Thanks!
User avatar
Optimus_prime
Posts: 678
Joined: Fri Jun 01, 2012 6:39 pm
Location: Sydney, Australia

Re: UMS and security

Post by Optimus_prime »

INAX, there will be a test release of the 5.0.0 Branch soon. We will be look for as many people to test it to iron out any bugs :)
How Ask For Support
Remember, Debug Log's Can/Will Help and Explain your issues, we're not mind reader's but here to help
OS's I Use And Can Assist With: Windows 7/8, Mac OS-X 10.8 & 10.9
Mac OS-X Java 7 Builds Mac OS-X Java 7 Forum
INAX93
Posts: 5
Joined: Wed Sep 24, 2014 8:03 am

Re: UMS and security

Post by INAX93 »

Optimus_prime wrote:INAX, there will be a test release of the 5.0.0 Branch soon. We will be look for as many people to test it to iron out any bugs :)
It would be a pleasure to be a part of the test team.
Feel free to call me for it :) if it can help...
infidel
Developer
Posts: 571
Joined: Thu Jul 12, 2012 5:37 am

Re: UMS and security

Post by infidel »

I took the liberty of adding a section on custom device configurations in UMS 5.0.0 :)
Rhialto
Posts: 24
Joined: Mon Jan 13, 2014 1:47 am

Re: UMS and security

Post by Rhialto »

UMS 5 already? 4.0.0 was release just 2 months ago... what important change makes it as a new major version? Just curious... I'm still using 3.x as I thought all bugs were not sorted out in 4.x
ch2375
Posts: 4
Joined: Wed Jan 16, 2013 1:22 pm

Re: UMS and security

Post by ch2375 »

Having trouble with the pin-code working in UMS >5.0.0.
Added file UMS.codes to appropriate folder where UMS.conf exists, in Windows7 (ProgramData\UMS).
Added appropriate regular expression for my use case and pin.
No matter what I try, the "pin protected" folder still shows up, I Never receive a prompt for the pin on the renderers (mostly Samsung TV's, but also Kodi (openELEC), and PS3.
Is there something I am missing? Is it possible this really hasn't yet been implemented? For example, I can see settings in UMS.conf that seem related to the pin-code (see below),
but these settings do not yet exist in the GUI. In my experience, when there are settings in config files and/or code, but they do not exist in the GUI, it is because they
are going to be used, but isn't fully implemented. I tried altering these settings as well, with no success.

######################################
## PinCode folder settings
######################################

# PinCode charset
#------------------
# Which charset to chose
# PinCodes from.
# 0 = Digits (0-9)
# 1 = Letters (A-Z)
# 2 = Both
# Default: 0 (digits)
code_charset=

# PinCode don't show thumbnails
#-----------------------------
# Whether or not to show thumnails
# of media that is hidden by Pincode folders.
# If true a generic thumbnail will be shown.
# Default: true
code_show_thumbs_no_code=true

# PinCode valid timeout
#------------------------
# Determine for how long
# an entered pincode is valid
# and thus unlocks the media
# Default: 4 (hours)
code_valid_timeout=

# PinCode enabled
#--------------------
# Whether or not to
# use Pincodes at all
# Default: true
code_enable=true
Wolfgan
Posts: 370
Joined: Fri Feb 08, 2013 12:33 am

Re: UMS and security

Post by Wolfgan »

I wonder the same, is this implemented and supposed to work on UMS 5.1+? I tried several configurations, it didn't work and there's not even a mention of pin codes in the logs...
-- UMS serving PS3, WDTV, Samsung H6400 + J5500 and Kalemsoft renderers! (no video transcoding but remuxing accepted :D )
Post Reply