So if you use a vpn or port forward your public IP, the dashboard will autologin. Can we get a better security on the dashboard login that uses cookies and or login on ever ip address?
Same issue?
If you port forward it will require auth. Try it in chrome incognito to confirm
same issue with more details. the dashboard isnt secure..
I try port fward with chrome incognito and same issue.. even with tailscale vpn
Tailscale VPN is secured by your Tailscale login
Using my public IP it goes straight in. I did have another user test and did pop up for authen.. then he login with our tailscale vpn and it instantly log him in.
once user connects with tailscale, then they have access to the dashboard. anyone with the vpn access.
Be better secure if we have one port for dashboard and one for clients to connect too.
Have a popup for login will help as well.
That is the expected behavior. If you login with Tailscale you can access the dvr.
to a min yes access the client stuff.. but to access the dashboard.. should be more secure then having it wide open on a LAN or vpn.
Try over LTE
did. and does ask for auth now. but doesnt resolve the vpn issue. Any one who i give access to connect to for the client. can access the dashboard
1 Like
That's how it works. Channels DVR is designed for personal use not sharing with strangers.
its not strangers but i get your point. I use it at work when im away on my phone and laptop for family. should have some more auth on the dashboard to be honest..
While I understand how ChannelsDVR is "designed to be used in a family friendly network", there is a clear security risk here while at home.
Let me give you one clear example, if you have kids and you are setting restrictions to prevent certain content to be visible from specific client devices at home, well, any kid these days can easily go to the app and settings and figure out the IP address to the server and find the default port online and change all the server settings.
Another, if you have a roommate and they are in the same home network they can easily go in and change any settings and there is nothing us owners can do about that.
This is why on behalf of all paying subscribers I would like to please request an enhancement to add a login page to the server dashboard if I may and perhaps give us users the option to use it or not, and if that's already been requested, can I please have the link to that enhancement request?
Thank you and I appreciate all the efforts.
Do you know that you can enable Kiosk mode on all your clients or individual clients of your choice?
That will hide the settings from the client(s).
This could help a little. 
True, thanks for the reminder, still the advertise local address dvr-home-nas.local:8089 is not too hard to find.
How about adding an ACL or couple of them, with the list of networks who can have R/W or Read only access to the server?
One could put 127.0.0.1/8 for R/W access to allow only management via a ssh forwarded port (or locally).