"destruk" wrote:
Roku2 can delete dev channels. You click the delete button on the roku's developer IP, so, it's also not authenticated to get to that page as it's in your trusted LAN. Hotel guests with a laptop or cell phone using your internet could log into that site and wipe out your dev channel for each connected roku device on the network, one by one, so that's not a good solution either.
"RokuJoel" wrote:
You could just put the players on their own subnet, authenticated by their mac address and block the mac address from the wireless subnet that the guests are on. Won't stop people with their own hotspot from tampering, but you could always teach the housekeepers how to reset the box back the way you want it.
Joel is on the right track. There is a very simple way to make it bullet proof.
* For a hotel under construction, we can put the Rokus on their own physical LAN, separate from guest Internet access. To prevent somebody very creative from plugging their computer into the dedicated Roku LAN, we can limit access on that switch port to only the Roku's MAC address (takes under 1 minute of work on a modern commercial network switch). To prevent the 0.1% of people who know how to change their LAN MAC address from doing anything funny, we can enable port isolation on the switch (again, less than a minute of work).
* For an existing hotel, or where running two Ethernet cables per room is undesirable, we can simply use a different subnet
and VLAN for the guest network.
In the worst case scenario, the guest will be able to, at most, temper with one Roku that they have physical access to, and which we'll reset when they check out anyway.
Besides, we are talking about a hotel here, not a prison. People checking into hotels have much better things to do than try to damage the hotels property.
