Username and password to access bliss
An admin user and password account is a must. Authorisation should be delivered via HTTP basic authentication at least.
Later (but this is not the subject of this idea), further accounts with read only and/or write access would be great. Access control could allow read/write access to certain things such as certain albums, artists etc. Some accounts would be able to reorganise certain things. This would be especially useful if future API functions are made available.
Jason Schafer has written up some instructions on setting up an NGINX proxy in Windows, and I've adapted his instructions for Linux/OS X: https://www.blisshq.com/music-library-management-blog/2017/03/07/setting-up-bliss-authentication/
Wouter Teepe commented
I like this idea. Just one simple password would be already pretty good.
Using https (even when just with a self-signed cert) would be a nice plus to actually protect the password against being snooped when accessing bliss through wifi (who doesn't today). (and wireless encryption is generally crappy).
user password be plus for login
Great idea. currently I'm opening and closing port 3220 when I want to work on the albums from outside my network.
Ok, well I changed the idea to be a first, simple small step to introduce username/password authentication.
Ok, well I prefer small steps, so can we change this idea to "Authenticated access to bliss", specifying minimum of HTTP basic authentication and the fact that there is only one level of authorisation: access? There would be no finer grained access control rules for this idea, that can come later.
I'm interested in the car PC project, let me know if I can be of any further help. I've had some previous contact from people who have installed bliss on ARM architectures.
Hi Dan. The absolute minimum would be HTTP basic authentication as an option to protect the web interface from abuse. From a personal point of view, I intend to expose bliss to the internet for remote access on my vortexbox as i stream across the web. From a development point of view, we are developing an android based media hub (Arm9) for inclusion within a 2-din unit for car use. This will automatically sync and have a custom front end, but will require at least basic auth as a minimum security measure if we are to offer bliss as a plugin (which we would like to do, based on its simple UI)
Thanks for this. What would you say is the absolute minimum first step? Adding a username/password challenge to bliss? Would you actually use this, and what are the reasons for using a username/password challenge?