Understanding UMS security model

shoe
Posts: 2
Joined: Thu Sep 30, 2021 9:54 pm

Understanding UMS security model

Post by shoe »

I have now read https://github.com/UniversalMediaServer ... nd-Privacy several times and did several basic tests using different configurations.

After reading and testing a lot I get the impression (please somebody correct me) that there is not really a true Security-and-Privacy model in UMS that deserves this label. From my understanding there is NO way to make a single folder only VISIBLE and ACCESSIBLE from just one renderer. Is this correct? I know there is the PIN option, but that is very annoying to use and doesn't solve the VISIBILITY problem. The folder is VISIBLE to all (especially all new devices) in the network.

Is this really how UMS does Security-and-Privacy? I still cannot believe this is the truth. Please somebody correct me. Maybe I am missing something?! Because the way this is done seems like somebody put a lot of work into the task to make Security-and-Privacy as maximally meaningless as possible. I don't want to sound arrogant (truly) but if this is the Security-and-Privacy model I wonder if the UMS devs want to make fun of its users? This is a joke!

And before somebody comes and tells me, this is DLNA/UPnP and it is technically possible to do it any other way: UMS is not the only DLNA-compliant UPnP Media Server. Other servers solve this by having a global option where you enter all folders you want to share to all renderers and then a per-renderer setting to add additional folders to a certain renderer. This is clean. This works. This does not need a PIN.

Why does UMS have an ip_filter option that works, but it cannot restrict visibility and access of certain folders without PIN to certain renderers based on their IP?

Does anybody working on UMS realize how normal home networks look in reality? There is a constantly shifting number of renderers. New smartphones and tablets are bought regularly and connected to the network. Guests visiting get WLAN access. Every laptop and PC with VLC is a renderer. If there is NO way to tell UMS I only want a certain folder to be visible and accessible ONLY from renderer with IP 192.168.178.22, then UMS is absolutely unusable in a common real home network! What are users supposed to do? Keep track of every device added to a network and immediately add extensive configuration to UMS to restrict visibility and access of globally shared folders to those devices? This is so very unrealistic and a total configuration hell with multiple ways that things go wrong and devices get access to a folder when they shouldn't.

Why the hell is there a per-renderer .conf file option if you cannot add folders that are NOT in the global configuration? This is so dumb I don't have words to explain how dumb this is.

AGAIN: maybe I am wrong and I don't use the configuration correctly. Then I want to humbly apologize and ask for your forgiveness.
squadjot
Moderator
Posts: 652
Joined: Fri Jun 01, 2012 4:24 am

Re: Understanding UMS security model

Post by squadjot »

You can do a hack (without involving IPs). The solution is to have only one config in the renderer folder; you can call it "catch-all.conf". In that config you simply disable everything.
Then you can do "per device-config" (based on UUID) that allows the folders and reset the features you want.

Edit: I believe you can make it "catch all" by simply having UserAgentSearch = *
ariftajru
Posts: 1
Joined: Tue Oct 12, 2021 4:19 am

Re: Understanding UMS security model

Post by ariftajru »

hm,--Good and informative discussion --
squadjot
Moderator
Posts: 652
Joined: Fri Jun 01, 2012 4:24 am

Re: Understanding UMS security model

Post by squadjot »

So i found the post I made about this, 5 years ago.. :roll:

You'll probably find it useful:
https://www.universalmediaserver.com/fo ... php?t=8558
SubJunk
Lead Developer
Posts: 3705
Joined: Sun May 27, 2012 4:12 pm

Re: Understanding UMS security model

Post by SubJunk »

There is good feedback here. I guess there are different concepts to consider - "privacy" and "security", and also different types of network configurations.
I think it's still true that most people have a private home network that is secured by a password. Giving someone access to your network means they're trusted, and if they're not trusted, then UMS is the least of your concerns :D

Having said that, our user experience for privacy can use a lot of work. It should be simple to set up restrictions, instead of needing to do hacks with configs. The hacks are really cool and clever but ultimately they reveal missing features.

Maybe you would be interested in helping develop improvements?
squadjot
Moderator
Posts: 652
Joined: Fri Jun 01, 2012 4:24 am

Re: Understanding UMS security model

Post by squadjot »

If i knew Java, and had the time, i would add a simple "allow/disallow renderer"-functionality (with option to disallow as default).
Visually i'd maybe rework the "detected media renders"-list... or if i was lazy, i'd just add some kind of allow/disallow tick box by each renderer image.

If i had had even more time and Java skills, i'd make a solution that could do it per share, so that certain folders would be visible to certain renderers.

:)
SubJunk
Lead Developer
Posts: 3705
Joined: Sun May 27, 2012 4:12 pm

Re: Understanding UMS security model

Post by SubJunk »

Those are all good ideas. I have created a new issue for it on GitHub, for part 1 https://github.com/UniversalMediaServer ... ssues/2782
That would be a good first step, and then we can add the ability to share folders per device separately.
mik_s
Moderator
Posts: 1114
Joined: Wed Aug 23, 2017 11:03 pm
Location: UK

Re: Understanding UMS security model

Post by mik_s »

I was thinking about ways of improving setting up security options and virtual folders in the GUI when I was going to attempt (and failed) to learn some Java.

Maybe it could give you some ideas on how to do it.
I thought that instead of the shared content being stored in UMS.conf and a separate VirtualFolders.conf, only use 1 and call it something like media.conf based on the format of virtual folders, and extra options could be added on a per folder basis for allow/block from certain renderers or IPs. You could also include the web.conf too.

I would also suggest an option to select what content type is in a directory like Music, Video, Pictures, Web, Films, Series, Anime, Children's, Mixed, Adult and Private etc.
These could help direct to the right service for metadata lookup. Also if set to private or Adult then security options could be set to automatically block on all renderers until one is set to allowed, picked from a list of available renderers or IPs, and pin control could be added. And it is not a good idea to have these files advertised by searching online for metadata.

This could even be built on in the future to add other options like forcing subs when playing from one folder, setting marked as played and monitoring for new media.

This is a quick mock up on how this conf could look like.
Instead of in the UMS.conf

```
folders = K:\\Episodes,D:\\Porn,K:\\Videos\\Kids stuff,K:\\Videos\\Films,K:\\Videos\\Anime
folders_monitored = K:\\Episodes,D:\\Porn,K:\\Videos\\Kids stuff,K:\\Videos\\Films,K:\\Videos\\Anime
```

the Media.conf could look like

```json
[
	{
		"name":"Episodes",
		"addToMediaLibrary":"true",
		"monitorPlayedStatus":"true",
		"contentType":"Series",
		"files":["K:\\Videos\\-Episodes"],
		"allow":"*"
	},
	{
		"name":"Nothing here",
		"addToMediaLibrary":"false",
		"monitorPlayedStatus":"true",
		"contentType":"Adult",
		"allow":"192.168.1.69",
		"block":"*",
		"pin":"6969",
		"files":["D:\\Porn"]
	},
	{
		"name":"Films",
		"addToMediaLibrary":"true",
		"monitorPlayedStatus":"true",
		"contentType":"Films",
		"allow":"*",
		"block":"192.168.123",
		"pin":"1234",
		"files":["K:\\Videos\\Films"]
	},
	{
		"name":"Kids Tv",
		"addToMediaLibrary":"true",
		"monitorPlayedStatus":"true",
		"contentType":"Children",
		"files":["K:\\Videos\\Kids stuff"],
		"allow":"192.168.123"
	},
	{
		"name":"Anime (sub)",
		"addToMediaLibrary":"true",
		"monitorPlayedStatus":"true",
		"contentType":"Anime",
		"transcodeOptions":"transcode,audio=jp,subs=en",
		"files":["K:\\Videos\\Anime"],
		"allow":"*"
	},
	{
		"name":"Anime (dub)",
		"addToMediaLibrary":"true",
		"monitorPlayedStatus":"true",
		"contentType":"Anime",
		"transcodeOptions":"transcode,audio=en,subs=jp",
		"files":["K:\\Videos\\Anime"],
		"allow":"*"
	}
]
```
Logs are important for us to help, Please follow This Link before asking for support. Just a forum cleaner, Will help if I can but no expert.
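
The mock-up above leaves open which rule wins when a folder has both "allow" and "block". The following is an added example, not UMS code and not part of the original post: it evaluates those pairs under an assumed policy (default deny, the most specific matching rule wins, ties go to block). The function names and the trimmed sample config are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: the allow/block pairs from the mock-up, other keys omitted.
MEDIA_CONF = json.loads("""
[
  {"name": "Episodes",     "allow": "*"},
  {"name": "Nothing here", "allow": "192.168.1.69", "block": "*"},
  {"name": "Films",        "allow": "*", "block": "192.168.123"},
  {"name": "Kids Tv",      "allow": "192.168.123"}
]
""")


def specificity(pattern, octets):
    """Octets of `pattern` that match the client, 0 for "*", -1 for no match."""
    if pattern is None:
        return -1
    if pattern == "*":
        return 0
    want = pattern.split(".")
    # Compare whole octets so "192.168.12" never matches 192.168.123.x.
    if not 1 <= len(want) <= 4 or octets[:len(want)] != want:
        return -1
    return len(want)


def is_visible(share, client_ip):
    """Assumed policy: default deny, most specific rule wins, ties go to block."""
    try:
        octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    except ValueError:
        return False  # unparseable source address: fail closed
    allow = specificity(share.get("allow"), octets)
    block = specificity(share.get("block"), octets)
    return allow >= 0 and allow > block


def visible_shares(conf, client_ip):
    """Names of the shares a renderer at client_ip would be shown."""
    return [s["name"] for s in conf if is_visible(s, client_ip)]


if __name__ == "__main__":
    for ip in ("192.168.1.69", "192.168.123.10", "192.168.1.50"):
        print(ip, visible_shares(MEDIA_CONF, ip))
```

Under this policy a device that has just joined the network sees only the folders whose "allow" is "*", and a folder with no "allow" key is hidden from everyone.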
squadjot
Moderator
Posts: 652
Joined: Fri Jun 01, 2012 4:24 am

Re: Understanding UMS security model

Post by squadjot »

SubJunk wrote: Wed Jan 12, 2022 2:50 pm
Those are all good ideas. I have created a new issue for it on GitHub, for part 1 https://github.com/UniversalMediaServer ... ssues/2782
That would be a good first step, and then we can add the ability to share folders per device separately.

Great! I agree, good first step that will add a pretty significant feature, improved and available in the GUI.

Regarding filtering by IPs.. i guess some would prefer to filter by IPs. But IPs can change depending on router settings.. and you can happen to be on a network where you don't have access/permission/knowledge to edit router settings, and you just want to watch some private content :roll: , in this case filtering/whitelisting by device UUID would seem to be the way to go. (Maybe UMS can be made to support both IP or UUID seamlessly?)

I'm not sure how this device UUID is fetched.. or generated? Is it reliable to consider it unique?
Would it make sense to beef it up with UMS creating its own and more complex hash of the device?