Love the idea of the Transfer Service.
But, I have multiple networks on my system (VMs, VPNs…) and the service is selecting one that is not accessible by my tablet.
Also, having the service run all the time is an exposure.
Request that in the app:
The service can be started/stopped.
The network be select-able.
A password/passphrase can be set (and included in the QR…)
A few questions for you:
On the computer where Flight Reader is installed, are you able to browse to the “Service Location” URL?
What kind of mobile devices are you using to connect to the Flight Log Transfer Service?
How are those mobile devices connected to the Internet?
You can shut down the service at any time from Services in Windows.
Can you tell me more about how the service running locally is an exposure? Which specific security risks are you trying to mitigate on your local network?
I am using Android Tablets with the RC. For transferring logs I would be using WiFi on the same local network as the PC running Flight Reader. Usually my own private network. But I can see occasions of using uncontrolled networks for some projects.
I can browse to the “Service Location” URL on the same PC. However, it is displaying my vBox virtual network address. I did just make another trial and it appears the Service is listening on all interfaces. Not only what is shown. So, only an awareness on this item.
In my case the PC is a notebook. Therefore, at times it connects to other networks and hot-spots. Having the service running all the time, exposes the system to others on the foreign networks being able to sniff the open connection and gain unauthorized access. Plus, if there are any exploits possible, having it run when not needed just opens up more opportunities to be taken advantage of.
Having a button in Flight Reader to start/stop the service, and a stored password/passphrase would:
A) Make it more secure, as the service could be run ONLY when needed.
B) The password/passphrase would reduce the ability for unauthorized usage.
C) User is more likely to start/stop as it would be easier than going out to services.msc.
You already have a status display. You could turn that into a toggle button between started and stopped. Then add a line below it for having a stored password/passphrase. Or also place just the toggle in the tray popup and the stored password/passphrase is used.
Using SSL would also be a good idea. In case the service needs to be used at a public hot-spot for some remote operations. That would reduce the ability to sniff the traffic and obtain the password/passphrase from the traffic. There should be libraries available to handle the SSL.
I think you have a great product. Just want to help.
The current version is looking for a private IP range of 192.168.x.x. That explains why you’re not seeing the expected IP. I have some ideas that should improve this discovery in the next release.
That’s correct.
You can restrict that further by running this Windows command (set the desired IP address):
netsh http add urlacl url=http://192.168.1.100:5382/ user=Everyone
And make any necessary changes to the “Flight Reader Flight Log Transfer Service” Windows firewall rule.
Agreed! I was just sharing the possibilities in the current version.
Stopping the Windows service from Flight Reader would require Flight Reader to be run with administrator permissions. For security conscious people like yourself, that likely would never be done. And then for those who wouldn’t know that’s required, it might cause more trouble than it’s worth support-wise. An option might be to display a start/stop button if Flight Reader is running with administrator permissions.
If stopping the service is only about preventing unauthorized access, then the other adjustments I mentioned above might be good enough. You should be able to restrict access to the desired access level with the Windows firewall rule alone.
While possible, that would require an SSL certificate to be bound to the local site. If this was ever added, it would likely need to default to off as the average Flight Reader user would not know how to configure/troubleshoot an SSL certificate.
Thank you for taking the time to share your suggestions. I appreciate it!
Latest version (1.6.14) gets the IP address I expect.
Good step!
Good to hear! Thank you for following up.