Workaround for PAW vulnerability on Android
Greetings, earthlings.
Normally, this should be the wiki of the SteamBox project.
If you just want to install SteamBox on your Android (and not run PAW's powerful /app/
control panel),
just go there.
This page is kept here historically because of a vulnerability in /app/
that was fixed (2011-06-14). Just upgrade PAW Server at the market.
There's still - however - the problem of sniffing the credentials (unless you generate your own ssl key, verify fingerprints and all that jazz - assume your credentials can be sniffed).
After the fix, I think it's safe to the run the server in a public network (e.g. for SteamBox) without moving the whole app/
folder outside /sdcard/paw/html
, as long as you don't access /app/
, but don't trust me (or anyone) on this :)