[vlc-devel] [PATCH 9/9] lua: http: Announce the web interface over mdns

[Pierre Ynard]

In a more actionable way, I think that what we need would be either of
these (preferably both):

- a secure access control mechanism: the current cleartext HTTP Basic
  isn't one;

- a remote control interface designed around the idea of not allowing
  full access to full VLC capabilities by default: perhaps safe/advanced
  modes (with advanced disabled by default), several levels of
  authorization, or granting access to each client on a feature basis
  (local media, optical drives, network inputs, stream output...)
  similarly to the OS permission model for smartphone applications.

Those would be security requisites. But additional questions still
remain, such as:

- whether it's relevant to advertise the web interface front end, as
  opposed to a proper remote control API;

- whether it's appropriate to have VLC subscribe to the botnet.

-- 
Pierre Ynard
"Une âme dans un corps, c'est comme un dessin sur une feuille de papier."