Jump to content

Search the Community

Showing results for tags 'security'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • General
    • Announcements
    • Emby Premiere Purchase/Subscription Support
    • Feature Requests
    • Tutorials and Guides
  • Emby Server
    • General/Windows
    • Android Server
    • Asustor
    • FreeBSD
    • Linux
    • NetGear ReadyNAS
    • MacOS
    • QNAP
    • Synology
    • TerraMaster NAS
    • Thecus
    • Western Digital
    • DLNA
    • Live TV
  • Emby Apps
    • Amazon Alexa
    • Android Mobile
    • Android TV / Fire TV
    • Emby Theater
    • iOS
    • Apple TV
    • Kodi
    • Raspberry Pi
    • Roku
    • Samsung Smart TV
    • Sony PlayStation
    • LG Smart TV
    • Web App
    • Windows Media Center
    • Plugins
  • Language-specific support
    • Arabic
    • Dutch
    • French
    • German
    • Italian
    • Portuguese
    • Russian
    • Spanish
    • Swedish
  • Community Contributions
    • Ember for Emby
    • Fan Art & Videos
    • Tools and Utilities
    • Web App CSS
  • Other
    • General Discussion
    • Developer API
    • Hardware
    • Media Clubs
    • Legacy Support


  • Emby Blog

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

  1. mathiasaulo

    Error of Security

    Hi, I have a problem with regard to security, if the staff bookmarks a page that she has already had access to, that page even though she doesn't have access anymore, she can access normally. This problem go to plugin IPTV. Sorry if you don't have the right problem area or suggestions
  2. Salve mi piacerebbe sapere se è possibile con emby essere visti sulle smart v. Ho provato ma oltre a vedersi il server quando voglio vedere le tv in diretta vedo solo uno schermo nero. Grazie
  3. I wanted to share my fail2ban configuration for people that want to protect against a brute force attack. Fail2ban is a piece of software that will monitor log files for a authentication failures then ban the source ip address after so many attempts to protect against a brute force attack. I searched around for an tutorial or how to on how to implement this for emby and came up short, so I decided to give it a try and got it to work without much trouble at all. I wouldn't consider myself an expert and this is my first how to I have every written so if I made a mistake or I'm wrong let me know,
  4. Hi everyone. I have found a (Issue and this needs enhanced) because i have a friend who have downloaded a whole TV show to my mobile because both of us have the same Phone name and looks like than emby allow to see everyone devices as connected to emby through the list of downloads to device option let me explain in other words How I supposed to know wish iPhone is mine and the other 2 is my friend, as you can see there are 3 iPhone in the list because the devs don't have isolated it. I'm my moms tv with her accounts same thing (all device is li
  5. Non-admin-user can visit the admin dashboard by typing in the url. They can see paths, active device and sent messages to other users.
  6. Hi Emby team! I power cycle my Samsung SmartTV as you where mentionning on another topic in this forum but the app installation didn't work after this step. The same error pops up. My Samsung SmartTV is from Canada. I live in the province of Quebec. I don't know what to do... Do you have the solution? Thanks! Greetings, Brandon ✌
  7. FoxBlackeagle

    EMBY über HTTPS

    Hallo zusammen Ich habe folgendes Problem. Mein Emby Server soll mittels HTTPS (über Port 443) und einem Zertifikat das von Certify the Web erstellt worden ist erreicht werden. Das Zertifikat habe ich aus dem IIS Exportiert und in den Emby Einstellungen Hinterlegt (auch mit dem Korrekten Passwort). Ich habe es auch mit dem Standard Port versucht und diesen auf meinem Router Freigegeben allerdings ohne erfolg. Leider kann ich mit der Error Meldung im Log File (Im Anhang) nichts anfangen. Ich danke bereits viel mal im Voraus für eure Hilfe Grüsse Fabian embyserver.txt
  8. When I reset my emby password, I get my new password emailed to me in plaintext. This isn't even a temporary password either, you are encouraged to change it but it is not mandatory at login This suggests emby is storing passwords in an unhashed form (otherwise they would not know the password itself and wouldn't be able to email it) Given the recent hack at Plex, security should be top of our minds, that's the only reason I'm asking Also, is the password for Emby forums and the emby web client the same?
  9. Morning, I have three users setup on my Emby server (Debian). Two are humans who need to log in or they cannot gain access. The third is a ghost account to allow DLNA access on my LAN. My problem is that although I've setup the DLNA user with a password, if I use a mobile connection to my server web interface to simulate WAN access, I can enter only the username and login without a password. This is potentially a major security hole. I've checked the settings against the human users and they are identical, plus I've restarted the server just in case something didn't take. To tr
  10. I have an Emby server ( running on macOS Catalina. I have several users defined in the server. The server is accessible within my home network (via HTTP) and over the Internet (via HTTPS). Most ion my users have passwords defined but I have one, which is the 'family' user which is intended only for use within our home and so has no password defined. For this user I have unticked the box that says 'Allow remote connection to this server' but when I access the server remotely a ) The user still shows on the login screen b ) Clicking the user logs it in. This seems like
  11. not sure if this is a Synology only Problem: but the Standard User should't able to login from extern without a password
  12. A fundamental question about security, especially because of the current problems caused by the so-called Emotet Trojan: I use the emby server under Windows10 on the same PC where my Kodi Client is installed. The data is stored on a Synology NAS. Under Windows direct, I did not set up network drives directly on this PC, but use the UNC paths for the libraries, e.g. \\IP\Share\folder\... Since emby does not allow you to specify credentials, the logged in Windows user must have access to this shares on the NAS. In case of a Trojan infestation of the PC, especially Emotet should have no pro
  13. CURRENT STATUS: SSO: Not yet planned LDAP: Development COMPLETED - BETA AVAILABLE >180 direct endorsements >30 MONTHS (>2.5 years) >12,000 views PLEASE BUMP - - - - - PLEASE LIKE - - - - - PLEASE BUMP - - - - - PLEASE LIKE - - - - - PLEASE BUMP This would greatly expand Emby's usage, and possibly more enterprise level adoption, user templating, user groups, SSO, etc. There are also users who have completely abandoned Emby and ended subscriptions due to the lack of this necessary basic functionality. Note: SAML2 is also part of
  14. frei

    HTTPS Login

    Click "SIGN IN" on https://emby.media , take me to http://app.emby.media/#!/startup/welcome.html This should be https as a basic requirement for all the modern apps/websites.
  15. Hello, all Coming from the Plex world Secure Connections was easy to turn on (actually on by default). I am trying to determine if Emby has that on by default or what steps I might have to perform or if it's a non-issue. I am really hoping whatever is involved is pretty straight forward. When I (or a friend) is accessing my Emby server remotely I'd like to be reasonably secure. I liked that "no brainier" aspect to Plex. When I looked in the "Hosting" area of Emby server I saw a check box for requiring HTTPS (the equivalent of secure connects... maybe?) but it then asked me about Certs an
  16. So I found a pretty big issue today while signing into Emby. I changed my Emby password yesterday, but when I went to sign on today I accidentally used my old password and my old password STILL WORKED! I am able to sign in with both my old AND new password. I feel like this is a pretty big security flaw. While writing this, I'm starting to question whether or not this is a bug. My old Emby user password was the same as my connect password, so are you able to sign into your Emby user account on the web dashboard (this one, specifically: https://memester.cf/u/rrqj90.png) usingyour con
  17. A bit like this topic https://emby.media/community/index.php?/topic/73224-emby-shows-unknown-users/ and this topic https://emby.media/community/index.php?/topic/71982-server-security-compromised/ I have also found my emby setup to have been compromised. In my case like some of these users I found a user called "computerguyiptv" on my system (showing as a cloud user). Having just spent the better part of a couple of hours digging in to this I am pretty happy to say that while you guys are clearly working on the security, it sounds like long standing defaults are making a right mess of
  18. I have created multiple libraries targeted for different set of users. I have granted access to one or more libraries for a given user, and no access to other libraries. The libraries where the user has no access, are not available from his dashboard, however, a direct link to the library or a movie within the library, will allow the user access. Is this somehow possible to prevent? Regards Johannes
  19. lawprior


    I'm trying to connect to the hosted web app through HTTPS, because Chromecast now needs it to work properly. I'm told to select my server, and it won't connect to it. I can connect to it just fine on HTTP. So, does anyone know what's wrong and how I fix it?
  20. herdofem


    I just installed Emby on my Window 7 desktop with default settings. I'm using it to share my 23GB of music. I have 1 250 GB SSD (operating sysstem) and one 1 TB non-ssd hard drive (with the music), which I don't have a backup plan for right now. I've given a few of my friend the dynamic ip address (which doesn't seem to change) to use with their phone apps. I don't plan on using the server for much else. I'm worried Iv'e exposed mysyef to the internet. Would Emby connect be safer. It requires them to make an Emby account correct? How about a static IP address, different DNS, or NAS?
  21. I like Emby enough that I bought a premiere license a while back but after discovering what I believe is a major security hole I'm rethinking using the server. Media streams do not require authentication. Steps to reproduce (using version Note: this example is using a video but the problem persists for all content types. Log into Emby from your browser (in this example, Chrome). Open the developer tools -> Network tab. Filter the traffic by "stream.mov". Play any video and you should see a GET request show up. Copy the entire "stream.mov" URL. Fully clear your browser. Paste
  22. English: Hello I suggest expanding the security: - user blocking function, 5 items (to be determined by the administrator) of consecutive incorrect logins - blocking the IP address (DDOS, Firewall), if for a period of 15 minutes (to be determined by the administrator) there will be an incorrect authorization (amount to be determined by the administrator) for 1 hour (to be determined by the administrator). IP addresses should be visible in the menu, it should be easy to clean the individual or all addresses, there should be a schedule for cleaning these addresses set by the administrator (f
  23. There have been a few posts around the Forum recently regarding SSL, HTTPS and Security. I'm by no means an expert on reverse proxies but have had alot of dealings with them over the past few months and with the help of @@pir8radio and @@shorty1483 have a fairly well setup and secure system to access my services from outside of my LAN. This guide is to help people access their Emby Server and any other services behind a reverse proxy. This is based on NGINX but it also works for Apache and IIS. So firstly, what is and why do i need a reverse proxy? If you’re like me and have many serv
  24. Hello, In this thread: http://mediabrowser.tv/community/index.php?/topic/12014-large-library-causing-issues/page-1 it is mentioned the server logfiles are available on the internet without any form of authentication. @@ebr responds to this with: I have not changed anything in my site configuration, I've done a standard installation so the installer configured the webserver for me. I am able to open my logs folder over the internet without any authentication, so it seems to me Media Browser does this out of the box. To test it, use this link, but include your own hostname
  25. ywecur

    Users have 2 Passwords?

    When I invite someone to my server and they link their emby connect account the password from their emby connect isn't the same as the one on the server. In fact, if they set no password on the server ANYONE can log into their account without any password and access all media on the server! Is this expected behavior? Seems completely insane to me! Why do I have to set passwords for users who already have passwords for their emby connect accounts? Is there a way to disable login without access to their emby connect account?
  • Create New...