Versions Compared

Old Version 2

changes.mady.by.user BrightSign TechDocs

Saved on

compared with

New Version 3

changes.mady.by.user BrightSign TechDocs

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The network settings of a BrightSign player are highly flexible and configurable. As a result, the integrity of a player is the direct result of the publishing and networking network configuration settings specified during the player setup process. Some configurations are best for networks where security is of little importance, while other configurations give the player a significant amount of resilience to outside attacks.This page explains settings that affect the security of the player and outlines the steps for creating a high level or basic level of network security.

Overview

There are four optional features in the BrightAuthor BrightSign Unit Setup window that affect the overall security of the player:

A. The Diagnostic Web Server: The Diagnostic Web Server (DWS) responds to requests sent to the IP address of the player, allowing a user who meets the username and password requirements to retrieve information about the player and send system commands to it (reboot, enter recovery mode, test video resolution, etc.).

Note
titleNote

The Diagnostic Web Server (DWS) is enabled on new players by default: The username is "admin" and the password is the player serial number. To change the login credentials or disable the DWS entirely, perform the player setup process in BrightAuthor.


B. Local Web Server: The Local Web Server responds to requests sent to the IP address of the player at port 8080. By default, this option also enables the device webpage at port 8008, which can optionally be disabled by navigating to File > Presentation Properties > Variables. The device webpage allows users on the local network to alter User Variables, which are numerical values within the presentation that extend the interactive capabilities of a player.

...

  1. Enable the Diagnostic Web Server: Without password protection, the Diagnostic Web Server will be accessible by anyone on the local network at the player IP address.
  2. Enable the Local Web Server: Anyone on the local network will be able to access the device webpage at port 8008.
  3. Use Local File Networking: You will be able to use BrightAuthor to publish presentations and update schedules on a player connected to the local network.
  4. Enable basic authentication: If you are using Simple File Networking, you can enable basic authentication to have the player send the user name and password credentials to the server as plaintext data. This makes Simple File Networking compatible with a greater range of server configurations.

Advanced Topics – Java Runtime Environment

BrightSign players support a Java Runtime Environment (JRE): Developers can load Java applications using the roJRE BrightScript object. This functionality is not enabled by default and must be initialized by the autorun.

While network interfaces in BrightScript are built to prioritize security, Java applications can generate any number of security vulnerabilities. If you plan to load Java applications on a BrightSign player, we recommend testing the configuration thoroughly before deploying it in a production environment.