Showing results for tags 'Security'.

  1. Definitions: Local refers to HTTP/unsecure. External refers to HTTPS/secure. For local use, I really see no reason to use passwords but for external use, passwords are critical to prevent anonymous access (only want a handful of people to access it, not the ~7 billion people on the planet). What I expected going into this is that only Emby Connect enabled accounts would show up through HTTPS and they would require the Emby Connect credentials to log in. What I got was the same as HTTP: click a name and you're in. So, what does Emby support now in terms of restricting access to the world other than NAT routers and requiring all users to have a password? If I have it about right, then consider this a feature request (probably should move it to Feature Request forum).
  2. Two-step verification (preferably using 3rd party options, such as Google) for signing into server from outside the home network. How feasible would this be? edit: Pardon the typo in the title; can't figure out how to correct it.
  3. bb_xspeed

    External Access

    Hi, I currently use emby on a windows server as an internal MediaCenter with Emby for WMC client. 2 users are created - 1 for my kids without any password allowing them to access easily to all the stuff they like through the remote command + TV - 1 for parents with a very simple numeric password that we can enter with the remote control. The idea is to disallow kids to watch films and series that are not for their age. Today, I would like to activate external access to let friends access my media library from the internet. So I activated Emby Connect which works great. But, as I entered a nat rule in my internet box, it opens access to my server from the outside. So anyone that scans my IP and tries port 8096 is able to access my media through my kid unprotected user or through the very simple parent user password. So, I would like to use emby connect but to disallow direct http access on my external public IP address with kids and parents user (that I still need to be viewable from emby for WMC client). I do not want to enter manually login/pass from my remote command. Is it possible? Other idea: Today, when I use TeamViewer, I do not need to open any incoming nat rule on my internet box to connect my PC from the outside. I do not know how it works but I suppose that my PC has a permanent outgoing https connection to teamviewer cloud that, then, lets me connect to it. Would it be possible to have this kind of functionality in emby? Emby server would have a permanent connection to the emby cloud that would let emby connect users to connect it. On the other hand, it would not let direct http access on 8096 port for other users ... Thanx
  4. anderbytes

    Question about logs

    I've seen that in "Manage Server > Help > Logs", where the Logs list can be found... each one can be read and downloaded, OK so far. The problem is: the generated URLs create a persistent authentication-bypass where anyone with that url can directly read this and other logs (simply varying the incremental number). Example: https://www.mydomain.com:8920/emby/System/Logs/Log?name=server-63597366821.txt&api_key=72ef32b64a3c3486842c519dcc75a06e I modified the api_key here in this topic on purpose... or else anyone here would be allowed to download my logs. The problem: your browsing URL can be seen in a different number of places (cumulatively): - Your local computers, by other users - A network proxy, if you're accessing from an office (any IT employee there) - Your ISP, that in other case would not have that kind of information about your server (any IT employee there) - NSA (everyone there) So... is it possible that the API_KEY will be hidden and a POST header (session-based) used, instead? Thanks!
  5. djandrius

    Password Not Required

    This is a very serious security bug: 1. Downloaded stable Version 3.0.5882.0 (Windows 7) 2. Go through setup. I already had an account created with Emby therefore added my email address and approved in email. 3. Was asked to create a user (User1) in one of the next steps. 4. Setup libraries, setup https access (all through remote access software) 5. Now to the bad part - to my extreme surprise, when I went to my external address (keep in mind I am not even at my house while setting this up) and I have never logged on to Emby before from this computer, to my surprise I am presented with "User1" big button in the middle and there is no password required to manage entire library! How in the world the Admin user is accessing through external address and allow user account to manage without a password? P.S. Of course I have added password and edited account to be removed from the login screen, however not everyone without the knowledge would ever be able to know that they just exposed their media administrator to the entire world who can delete entire library with a few button clicks.
  6. Hi everyone. Instant Emby fan and new Member here. As a network geek, I wanted to ask about port forwarding and security concerns in general. I'm a little uneasy about punching holes in my home firewall and wanted to know if others have run into similar concerns, and what they've done about it. As a former Plex user, one thing I liked was that I didn't have to port forward anything...being away from home I could still log into my Plex library just fine. I don't know how they achieve this btw, maybe via proxy or a reverse connection to the client? But in Emby, I can't access my library without forwarding TCP port 8096. So...here are my questions: 1) Anybody feel the need to change the default Emby port to something else for security reasons? If so, anyone have any issues doing so? 2) I tried using TCP port 8920 for https connectivity and couldn't get my Android client app to connect. Normal http connections over 8096 work just fine. Any one else having this issue? Thanks.
  7. curtisghanson

    IPTV Plugin - Unable to view across users

    I don't know if it were the intended behavior. But the IPTV Channel (Video Bookmarks) Plugin allows an administrator to add an IPTV feed. But, no other user can see the feed, only the administrator. Since you can only add feeds from the admin back-end, then no user besides the administrator can ever use the plugin. Am I correct in arriving to this conclusion? In any sense, if I am correct on this plugin's behavior, I went ahead and removed the user_id parameter from the .cs file where the query is made. I compiled it and uploaded it to my instance of emby-server and so far it's working great. If this is something anyone might be interested, I can do a pull request on the Github repo to submit my change. Or if there is a more appropriate place to upload my code changes, I can do that as well. edit for grammar
  8. Emby connect appears to limit the max length of a password to fewer characters than the forum does despite using the same username/email address. Please remove the character limit on the Emby Connect login or at least increase it to be the same or greater than the forum.
  9. Version 3.0.5482.4 I removed devices from my server on version 4000, and no devices would get re-populated in the list. I see the devices listed in the security area with an api key. I just don't see them repopulating in the devices area of the server, which limits me to not being able to assign users to certain devices. Is there any server file I could delete to get the devices to start filling in again?
  10. Hi everyone, I would like to be able to configure the Emby server running on my PC to allow only specific users to access it and serve media. I can't seem to find any settings or config to do this. For example, if someone (a guest) logs into our home network via our wireless router, I don't want them to see the Emby server on our network or if they see it, not be able to access any of the media. Currently they can, even if they don't have a login for the network or the PC that has the Emby server running on it. I find that a little strange for default behavior. I have private pictures and videos and I don't want business guests that come to our home for meetings to be able to see the server. Thanks.
  11. I just noticed in Emby 3.0.7013.4 (latest beta) that using webclient for server administrator or media playback, when the user logs out if you click on "Manual Login" the last user username but more importantly also the password are already filled. I'm not sure if this was the same in previous versions or not. This might pose a security risk in the scenario that the last logged user was a server administrator but it will also have other implications and risks when you use different users for parental control or library access. The issue is more evident if you only use manual login for all your users (hiding them from the login page). Repro steps: Login with any username in the webclient. Logout using the logout button. The webclient will return to the login screen. Click on "Manual Login" and you will see the user credentials of the last logged user already filled in, including its password. Click on "Log In" and it will go ahead and log you in with the last user credentials. Thanks.
  12. Hello, I noticed once in Firefox browser watching video, right click on video brings submenu offering various options, including “Copy video location” and “Email video” (Chrome has “Copy video URL”). Anyway, once you copy the link and email it to anybody they can access the video without authentication. Is it possible to change this and make a video more secure? The example of the direct link that bypasses user’s authentication: http://myip.address.com:8096/Videos/0582de1364832564a1da425fb501f01d/stream.mp4?Static=true&mediaSourceId=0582de1364832564a1da425fb501f01d&api_key=81c0f4041be1491aa5316052d589c6fd Regards
  13. So I am a happy convert from plex. The install was smooth despite coming in where the service start command isn't working. I set up everything in less than a couple hours and I was off. Then I made user accounts and started making sure the externally facing site was routed correctly and so on. Then I realized as I confirmed that the externally facing site was up, anyone could stumble upon my server and use the accounts. I confirmed this by manually connecting to my server using the android application and selecting a user. So my question here is can we add a separation between internal and external accounts? Perhaps we could force users to create a password or PIN (better than nothing) when they first connect to the server?
  14. Hello I have been searching for several hours on how to disable the remote access and possibly make it more secure so no one else outside my network can see my files I read this topic "Disable Remote Access?" and many other topics - being newbie I have no idea how to disable it when I go to My_IP_ADDRESS:8096 from other internet networks, it brings up a page that has my profile, can someone please make a step by step instruction on how to disable the remote so no one outside the network can access / know about me running this server? thank you
  15. davidreed

    How to restrict public access

    I've got Media Browser set up and I love it.. however, it seems like anyone with access to my IP can gain access to my server.. how can i lock this down?
  16. Hello, not sure when it happened, but all movie folders are available to all users for my library after a recent upgrade. Looking at the users, they are all set to have access to all libraries (even though I had changed this several months ago). Why would a server upgrade override previous settings? Thanks.
  17. Not too worried since I don't have my MB server always running, but I received the following message from my antivirus today: OS Attack: GNU Bash CVE-2014-6271 Symantec writeup: http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27907 Any advice or remarks would be greatly appreciated. I only know enough to be dangerous, and I have little experience in GNU or Unix. environment: Windows 8.1 Pro (x64) - MB Server 3.0.5518.7 -
  18. I use complex passwords for accounts to secure external access for all accounts. However, I do not need anything as complex at home, as I only wish to keep the Kids off of the Adult accounts. I have a Kids account that I have set to Allow Local Access without Password. However, I would like to still retain security locally running MB Theater without having to pull out a keyboard or some super special remote. An alternate PIN for local access would be a blessing. Current: User- Remote: Password Local: Password/No Password Proposed: User- Remote: Password Local: Password/No Password/Alt PIN
  19. Hi folks, My trusty 2009 Belkin N+ gigabit router is still working, but I've noticed a distressing increase in tendency for it to lose pairing with the cable modem in the last month or so. It might be completely on the side of the cable company / cable modem (which also provides voip telephony), but I'm considering pre-emptively replacing the router. So, based on the typical "Media Browser Consumer tech profile" what would be a good replacement? Obviously needs gigabit hardwired ports plus whatever the latest wireless standard is, but I'm interested to hear practical use case feature/benefit discussion. I'd also like to be able to easily stream my collection out to the internet so I can play media from wherever I might be... ease of configuration for this is a plus. One note about a deficiency in my current router: In years past I've sometimes had folks hack my wifi system (which has always used WPA2 encryption), or at least try to do so persistently enough that the router's built in security started flashing LEDs at me warning of security breach attempts. These aren't Iranian hackers or anything, but suburban teens with too much time on their hands. After this, I enabled wifi MAC address filtering which promptly resolved the matter. All was well. Until my son started having friends over, that come with their tablets, asking for the wifi code. I can set up a guest wifi access spot on my current router, but IT SHARES THE MAC ADDRESS SCREENING TABLE. So, to get a guest device working, even on the guest SSID, I have to enter their mac address into the router. I need to get away from that... it's a PITA. Ideally, I'd like to be able to configure MAC filtering separately for guest access versus the main network. It's also important that the guest wifi not have access to any other computers on my main network. Probably all this stuff is standard now, but I figured I'd run it by you all. 
I could also I suppose use the old router as a bridge / access point of sorts, plugged into my new router, so it would set up a completely separate wifi network, without much security other than WPA code, and be turned on (plugged in) only when guests are about the house... that would work, wouldn't it? Or would the "double router" be a problem? Thanks in advance for your insights. Marc
  20. Hello this is for the developers, first, GOOD JOB, clean nice, un-cluttered web interface/client. Server is coming along nicely as well! I will be donating again, I don't give money for software often, especially free software. Questions: 1. How secure is the web client interface.. I have not dug yet, but I plan to use media browser as a subsonic replacement. I want to give users access to my server. But I don't want to open any huge security holes. As developers you know the back end well, what could you do from my web client with no login? and/or what could you do with a standard user login? 2. The media scanning seems to crash out often... it always says "stopping" at random times, no errors in logs, service just seems to restart. Also I have set the scheduled trigger to once a day at 1am and I'm finding the server scanning at random times throughout the day still... I removed all other triggers, all that remains is the new daily trigger. 3. I would like to customize the web interface that the media browser team has already worked so hard to perfect... Like, add my own logo on the dashboard.. Is this possible? or do I have to tear down the program and recompile? (again didn't dig too far yet... didn't look through directories and see what is available for playing) 4. Feature Request: A download button, so (myself of course) can download my media remotely via a web client? MEDIA: MP3's 142,404 (no doubled songs for one album) Music Videos 12,476 Movies uncompressed mpeg 310 (just started last year with movies!)
  21. Would like an option to only require passwords for connections from external devices - i.e. any external IP address device requires a password (but can be autoentered by the client after that). This way local devices, which are already secure in a home, do not require a password (especially useful for multiple users on the same client), but devices outside the network do. Please provide your thoughts.
  22. Oh that would work, however we both use the HTPC with MBC (and that is our most used device) and the Roku so auto-login would be quite a hindrance there.