Does anyone else find it odd that when you install MythWeb (at least in Gentoo) it leaves it open to anyone who wants to get into it? Since someone could mess things up pretty well on your computer if they got in and set it to record, say for the next 48 hours straight, it seems like that should be a pretty big no-no. Obviously I set up .htpasswd access, which was already included in the MythWeb .htaccess but commented out, but I'm guessing not everyone really wants to dig around in the htpasswd man page to figure out how to use it. I guess I'm curious whether everyone's was set up that way by default when they installed it or if it's just a Gentoo thing and maybe a bug report would be in order.

Ya this has been found. Here is how to solve it.
http://www.mythtvtalk.com/forum/viewtopic.php?t=1345

go to bugs.gentoo.org and post it as a bug... by default i feel that it should be closed and you should have to intentionally open it to allow others in.

search there first, it is likely that someone else has reported it.

Good to know I'm not the first to notice this. It would have been pretty sad if it hadn't occurred to anyone else somewhere along the line.:)

I actually don't see any bugs for mythweb at all on bugs.gentoo.org, so I think I'll go ahead and post one. I've already got an account there anyway for an ebuild that I wrote and then discovered was already posted. :o

Edit: bug submitted, in case anyone's interested.

Well, apparently they don't consider this worth doing anything about. They're going to leave it up to the user to find the .htaccess file in the mythweb directory and see the instructions in there about it (mind you, this is a hidden file we're talking about). I'm debating whether to argue about it because I disagree with this, but I don't think that I'm going to convince them since they are the "experts".

https://bugs.gentoo.org/show_bug.cgi?id=99278

best thing i suggest is finding this doug's IP, and filling his hard drive till it crashes ;)

Another update: Somebody did finally fix this so mythweb is installed by default with password protection in Gentoo.