JDownloader Community - Appwork GmbH
 

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 04.03.2011, 08:11
buggsy buggsy is offline
BugMeNot Account
 
Join Date: Mar 2009
Location: everywhere/nowhere
Posts: 1,120
Default JD RemoteControl listens on ALL interfaces?

Hello there,

I tried today the JD RemoteControl and it seems it listens to all interfaces rather that to localhost only (I read in some posts that the default behaviour is to listen on 127.0.0.1 only).

Is this a bug or an undocumented feature?

I looked for an option to configure it but it seems that the only configuration option is the port.

Could someone please point me how to configure it to only listen to localhost / 127.0.0.1 IP only?

I know I could achieve this through the firewall configuration but that seems quite a bit of work since it would mean to configure javaw which is also used by other apps.

I first thought that it's a fault of some routes I had (using ICS) but I did a remote portscan and the RemoteControl port was open.

Cheers and thanks in advance.

JD version: 0.9.581 (I use portable version auto-updated from a long time ago)

JD remotecontrol version: 9568

OS is WinXP SP3 patched.

[edit]

This seems to be the line from
Code:
netstat -an
that shows JD RemoteControl listening on all interfaces:

Code:
TCP    0.0.0.0:10025          0.0.0.0:0              LISTENING
Other info: pppoe connection with dynamic IP

Last edited by Jiaz; 18.03.2011 at 13:01.
Reply With Quote
  #2  
Old 18.03.2011, 07:25
buggsy buggsy is offline
BugMeNot Account
 
Join Date: Mar 2009
Location: everywhere/nowhere
Posts: 1,120
Default

No response to this until now? It seems like a really serious bug if the server listen to all interfaces rather than on localhost only taking into account that no auth method is implemented...

sorry for the [ bump ]
Reply With Quote
  #3  
Old 18.03.2011, 12:32
vivalostioz's Avatar
vivalostioz vivalostioz is offline
JD Legend
 
Join Date: Mar 2009
Location: Bonn
Posts: 618
Default

there is no option to configure it. you say that it's a serious bug but why is this so serious? Anyways I will try to build in an option for that. Auth method is planned.

Also we are working an a new Remote API
__________________
Zitat Jiaz: "bist du stable oder nightly?"

-------------------------------------------

Besucht meinen Entwicklerblog: mike-bonn.de
Reply With Quote
  #4  
Old 19.03.2011, 12:36
vivalostioz's Avatar
vivalostioz vivalostioz is offline
JD Legend
 
Join Date: Mar 2009
Location: Bonn
Posts: 618
Default

I build in an option to only run that addon on localhost yesterday (it's an checkbox in the options) but before I make these changes public I want to add an auth method (htaccess, like the webinterface has). The auth method was already on my todo-list

note: these changes will only affect the nightly branch while there is no update for the public branch
__________________
Zitat Jiaz: "bist du stable oder nightly?"

-------------------------------------------

Besucht meinen Entwicklerblog: mike-bonn.de

Last edited by vivalostioz; 19.03.2011 at 12:38.
Reply With Quote
  #5  
Old 19.03.2011, 19:53
buggsy buggsy is offline
BugMeNot Account
 
Join Date: Mar 2009
Location: everywhere/nowhere
Posts: 1,120
Default

Glad to hear it. Now, Ill just have to figure out how to get the nightly build of the plugin.

SOmething like in this link? http://jdownloader.org/knowledge/wik...te-jdownloader

Another suggestion here: I think the changed / patched version should be pushed in the stable version too and with the option to listen only on localhost as the default one.

Cheers.

Last edited by buggsy; 19.03.2011 at 20:09.
Reply With Quote
  #6  
Old 20.03.2011, 04:38
drbits's Avatar
drbits drbits is offline
JD English Support (inactive)
 
Join Date: Sep 2009
Location: Physically in Los Angeles, CA, USA
Posts: 4,434
Default

The remote control patches cannot be applied to the Stable version. The core of JDownloader has changed too much.

To get the Nightly build of the plugin, just start JDownloader by using <JDownloader>\windows_ALPHA.bat (for Windows. Ask me about *nix).

One generally does not need the remote control or Web interface on localhost, unless one is using these interfaces inside other programs (other than browsers).
__________________
Please, in each Forum, Read the Rules!.Helpful Links. Read before posting.
Reply With Quote
  #7  
Old 20.03.2011, 08:23
buggsy buggsy is offline
BugMeNot Account
 
Join Date: Mar 2009
Location: everywhere/nowhere
Posts: 1,120
Default

Quote:
Originally Posted by drbits View Post
The remote control patches cannot be applied to the Stable version. The core of JDownloader has changed too much.
Got it. That's unfortunate though, having an open service with no auth method and no self-implemented option to control who can access it is a serious exploiting vector IMO.
For linux the issue would be easy to control since a simple firewall rule can be used but for winblowz it's a pain if no additional firewall software is used.

Quote:
Originally Posted by drbits View Post
To get the Nightly build of the plugin, just start JDownloader by using <JDownloader>\windows_ALPHA.bat (for Windows. Ask me about *nix).
I do not have that .bat file since I use the portable version which was updated from the former version(s) (do not remember exactly which was it.
Nevertheless, I noticed a BETA.exe in the latest zip archive but I would like to backup my working space before trying that one.
Didn't notice a .sh for the *nix version inside the archive either so could you confirm please if the command line from the previous link regarding the translation is the right one.

Quote:
Originally Posted by drbits View Post
One generally does not need the remote control or Web interface on localhost, unless one is using these interfaces inside other programs (other than browsers).
That's it exactly why I need it: I want to use it with an xbmc plugin.

Cheers and thanks.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +2. The time now is 13:50.
Provided By AppWork GmbH | Privacy | Imprint
Parts of the Design are used from Kirsch designed by Andrew & Austin
Powered by vBulletin® Version 3.8.10 Beta 1
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.