Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

GUI Mode#43

robswc started this conversation inGeneral
Oct 4, 2022· 1 comment
Discussion options

Recently, a user requested that the GUI for TVWB not be accessible to anyone publicly snooping IPs or Ngrok URLs.

I felt this was a totally reasonable request and actually changed the default mode of TVWB is started in.

Note: This effectsonly the GUI. Webhook events are "protected" via their keys. (i.e. you need to send data to TVWB with a valid key in order to trigger an event)

Currently, there are two modes.

Open

tvwb.py start --open-gui

In open mode, the GUI can be accessed by simply visiting the IP or Ngrok URL that TVWB is hosted on. (i.e.http://yourIp:5000/ This is not that secure, since anyone would theoretically be able to access your GUI and by extension, your keys. Nobody would be able to actually look inside and see how your event runs... but it would also defeat the purpose of having keys to begin with and also generally, I imagine, people wouldn't want their GUI exposed to the entire internet. So, going forward, TVWB will be run in "CLOSED" mode by default. It is possible to turn on "OPEN" mode by runningtvwb start --open-gui. This can be useful for development or testing purposes.

Closed [Recommended and default]

tvwb.py start

In closed mode, to access the GUI, you will need to pass a query parameter calledguiKey. This is automatically generated for you and also printed to the console upon starting the server. So in actuality, when run in production (or by an end user) there is very little work that has to be done while running in this mode. Running in this mode ensures that your GUI is protected by entropy.

https://www.security.org/how-secure-is-my-password/sample gui key: KjbbsZFML_WXFWujcXaZ0aU3M_cj5KZ7

An example of the URL you would be accessing with closed mode on is:

http://0.0.0.0:5000?guiKey=KjbbsZFML_WXFWujcXaZ0aU3M_cj5KZ7

The only realistic downside to running the GUI in this mode is that you will have to either bookmark or copy + paste the URL when you want to access it. The upside is that this will make it virtually impossible for someone snooping around IP addresses or URLs to access your GUI.

Feel free to ask any questions or for any clarifications!

You must be logged in to vote

Replies: 1 comment

Comment options

Brilliant stuff -- thanks!

You must be logged in to vote
0 replies
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Category
General
Labels
None yet
2 participants
@robswc@devmehta91
[8]ページ先頭
©2009-2025 Movatter.jp