mirror of
https://github.com/Palakis/obs-websocket.git
synced 2024-08-30 18:12:16 +00:00
1cd12c1023
After discussion in the Discord server, and some internal discussion, this was deemed a reasonable patch for various security concerns.

This basically controls whether obs-websocket binds to 127.0.0.1 or 0.0.0.0. I decided to have obs-websocket bind to 127.0.0.1 by default, since most users appear to be using obs-websocket on the same machines as their client software. This will be changed if it poses significant support-related issues.

Further security solutions have been discussed, but are either a heavy amount of work, or significantly impact client applications' connect flows. One idea that I should mention is like a cookie system, where:

- On first connect, obs-websocket asks the user to approve the connection.
- After authentication, obs-websocket gives the client a token in the `Identified` message, which the client stores.
- On future connects, the client uses this token, along with the password, to authenticate without needing user confirmation.

This system will likely be implemented in a future version of obs-websocket.

Closes #907

||
---|---|---|
.. | ||
locale |