phodges wrote:What controls security between ServiiDroid on an android phone and the Serviio server on a PC ?.
Lets say two people are on a local 192.168.0.x network. User A has the server installed on a PC at (static) 192.168.0.83 and user A's phone is on (dynamic) 192.168.0.124. User B has an android phone on (dynamic) 192.168.0.91. User A installs Serviio on his PC and ServiiDroid on his mobile and is surprised he can control the Serviio server on his pc using the mobile. User A does not want user B to control Serviio just by installing ServiiDroid on his mobile. Shouldn't permissions stop network users from playing with services without admin or special purposes?. Has user A got problems with his PC security or is he missing something?.
phodges
Serviio is designed for streaming media in a home environement, so its assumed that anyone who has access to the local network, is allowed to configure the server.
You have a few options to limit access.
If you just want to be able to configure the server from the server itself, setup a firewall rule that blocks port 23423 from anything other than localhost.
If you want to be able to configure the server using ServiiDroid from User A's phone, then you need to give user A's phone a static IP in your router and then create a firewall rule that blocks port 23423 from anything other than localhost or the IP of user A's phone.
If user B isn't very technical and doesn't want to access DLNA content from the server on their phone, then you can turn on disable access to new devices in the Serviio console, and set user B's phone to disabled. This will prevent them from browsing content and discovering the server in ServiiDroid, but it won't prevent them putting in the IP address and then giving themselves access again. Likewise unless you use a firewall rule, there is nothing stopping user B from installing the Serviio console on their PC, and pointing it at your server, which again will let them fully configure the server.