IMA: Easy guide to allow access to IMA browser page OUTSIDE of home network

Started by Jingo, September 03, 2018, 03:57:57 PM

Previous topic - Next topic

Jingo

Hi Mario - I've read all the documents and searched and searched... but I still have not found an easy way to allow family and friends to access my IMA database from their remote web browser.  IS there an easy way?  Or is a VPN or other connection to my network needed before anyone can access the site...

Your recent message about downloading images from IMA got me thinking that perhaps I am overlooking something... or is everyone required to VPN into my network before accessing it?  While I can remotely access my network using TeamViewer and Splashtop - I would prefer that family not have to use a VPN client to link in (which requires setup and explanation)... would be great if I could just forward them a url with a username:password baked in for access.

I point again to the Calibre software for ebooks that I use.... it too has a service that runs on my system which allows access from a browser url... BUT - that url works from ANY browser - even one that is not on my network (https://manual.calibre-ebook.com/server.html#accessing-the-server-from-anywhere-on-the-internet). 

Is something like this possible with IMA?  Thx - Andy.

Mario

I have written all this in the IMatch Anywhere help.

Opening up your machine for access from the Internet is a very dangerous thing. You can safely assume that bots will reach your PC and try to break in to steal your data and convert your PC into a SPAM bot. You won't even notice when this happens.

That access from the Internet to your PC is disabled by your firewall has very good reasons.
A VPN would be the best solution. Your family connects to your PC via VPN and thus safely.

QuoteI point again to the Calibre software for ebooks that I use.... it too has a service that runs on my system which allows access from a browser url... BUT - that url works from ANY browser - even one that is not on my network (https://manual.calibre-ebook.com/server.html#accessing-the-server-from-anywhere-on-the-internet). 

As is says in the help page: "Make sure the calibre server is allowed through any firewalls/anti-virus programs on your computer."

Just read that sentence again. Calibre makes you open your firewall and disabling anti-virus protection, allowing the whole Internet access to the Calibre server running on your machine.
It there is a security problem in the calibre server or Windows or whatever software you run, any capable bot can break in, overtake your PC, probably all other PCs in your home network and then do whatever malicious things it has in mind. From using your computers to send SPAM emails to mining crypto currency to encrypting all your data - once they are in, they can basically do what they want.

Opening up a normal PC to the Internet is not a good idea. You need a lot of skill to get the security right etc.
IMatch Anywhere WebServices are not hardened like special versions of Apache or Nginx. Hence the usage scenario recommendation in the IMatch Anywhere help to use Apache or Nginx as a proxy server to protect and hide IMatch WebServices and your local network - if you have to open it for the Internet. But that's way beyond what a normal person can do. This is IT Admin work.

A VPN is a much better solution for normal people. It protects your PC and data from bad people.

There has been written a lot about all this on the Internet.
-- Mario
IMatch Developer
Forum Administrator
http://www.photools.com  -  Contact & Support - Follow me on 𝕏 - Like photools.com on Facebook

Jingo

Ok.. thx Mario... I wonder how many families will use IMA for remote access if a VPN style setup is needed...  I have shared my Calibre server easily with family to download PDF and other documents...  Sure - it may not be 100% secure and perhaps I'm foolish - but the ease of use outweighs the minor security risk.  Besides - all someone would gain access to are the documents in the server... not exactly state secrets worth stealing!

Anyway.. thx for the answer... guess I'll investigate setting up a VPN server again... I know my FIOS router does NOT offer one so another solution will be needed and my last "go around" researching a solution was not fruitful.  Setting up the VPN server if you don't have a router that has built in functionality was not easy... unless I missed something.

Mario

You can do the same with IMatch Anywhere if you don't care about security. Just open the ports under which IMatch Anywhere can be reached in your firewall for access from the outside (the internet)-
By default this is port 8081 or 443 if you configure IMA to use SSL (recommended for additional safety).

Again, this is risky and your PC will be under attack at some point in time. You won't even notice this, because you probably lack the tools and know-how to detect this.
And if you let calibre open to the Internet... One day you wake up and al the data on your PCs is encrypted. Or your ISP disconnects your PC because it has been hacked and is sending thousand SPAM emails per second to the Internet... :o

Setting up a VPN is not that hard, there are many step-by-step guides available out there.
-- Mario
IMatch Developer
Forum Administrator
http://www.photools.com  -  Contact & Support - Follow me on 𝕏 - Like photools.com on Facebook