CatSama 1 Posted August 9, 2021 Share Posted August 9, 2021 (edited) My Emby server‘s version is 4.7.0.6 I found I can use https://{host:port}/emby/Audio/{item_number}/universal?UserId=1 to access all my audios in my Emby server https://{host:port}/emby/Items/{item_number}/Images/Primary?maxWidth=2561&quality=90 to access all my pictures and photos https://{host:port}/emby/videos/{item_number}/stream.mp4 to access all my movies and videos without any authentication It means if I knows someone's Emby server's host address. I can easily write a program to detect and download all his media in his Emby server. I disabled "Remote Access" when I found this problem. but the question is is Emby safe on the Internet? How to make sure it? Edited August 9, 2021 by CatSama Link to comment Share on other sites More sharing options...
Luke 36879 Posted August 9, 2021 Share Posted August 9, 2021 The audio and video urls are only accessible that way on the local network. On a remote connection they would be rejected. Link to comment Share on other sites More sharing options...
CatSama 1 Posted August 10, 2021 Author Share Posted August 10, 2021 (edited) 22 hours ago, Luke said: The audio and video urls are only accessible that way on the local network. On a remote connection they would be rejected. @Luke Thanks , I have tested audio and video. But I can still direct access my photos on a remote connection. I really don't want somebody access my private photos without my confirm. Do we have any plan to fix this? Edited August 10, 2021 by CatSama Link to comment Share on other sites More sharing options...
pünktchen 1241 Posted August 10, 2021 Share Posted August 10, 2021 42 minutes ago, CatSama said: @Luke Thanks , I have tested audio and video. But I can still direct access my photos on a remote connection. I really don't want somebody access my private photos without my confirm. Do we have any plan to fix this? Take a look here: https://emby.media/community/index.php?/topic/84893-images-dont-require-api_key/&tab=comments#comment-1043565 I doubt we will see a solution anytime soon. Link to comment Share on other sites More sharing options...
CatSama 1 Posted August 10, 2021 Author Share Posted August 10, 2021 22 minutes ago, pünktchen said: Take a look here: https://emby.media/community/index.php?/topic/84893-images-dont-require-api_key/&tab=comments#comment-1043565 I doubt we will see a solution anytime soon. Unfortunately, I just found I have already report this problem in 2018,but the problem is still here. So.... Link to comment Share on other sites More sharing options...
pünktchen 1241 Posted August 10, 2021 Share Posted August 10, 2021 And that makes it even more worse!!! Link to comment Share on other sites More sharing options...
DJkhaled 8 Posted August 11, 2021 Share Posted August 11, 2021 Close your ports use iptables or just don't add personal media, anything online not just emby is always susceptible to the rest of the world. One of my emby servers are hosted from a McDonalds franchise on a vps you think they know ? Honestly it's up to you to secure your home media emby server as there always will be security flaws in all software. Link to comment Share on other sites More sharing options...
CatSama 1 Posted August 12, 2021 Author Share Posted August 12, 2021 10 hours ago, DJkhaled said: Close your ports use iptables or just don't add personal media, anything online not just emby is always susceptible to the rest of the world. One of my emby servers are hosted from a McDonalds franchise on a vps you think they know ? Honestly it's up to you to secure your home media emby server as there always will be security flaws in all software. Good news, all operating systems and software no longer need to release patches to fix bugs. Because "there always will be security flaws in all software". Link to comment Share on other sites More sharing options...
DJkhaled 8 Posted August 20, 2021 Share Posted August 20, 2021 On 8/12/2021 at 6:23 AM, CatSama said: Good news, all operating systems and software no longer need to release patches to fix bugs. Because "there always will be security flaws in all software". Can't you set external ip addresses that emby will allow and block everything else ? Until it gets patched ? What have you tried if anything ? Link to comment Share on other sites More sharing options...
CatSama 1 Posted May 25, 2022 Author Share Posted May 25, 2022 On 2021/8/10 at PM10点40分, pünktchen said: 而这让事情变得更糟!!! see? They just don't care. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now