Bitpicker 2 Posted December 4, 2022 Share Posted December 4, 2022 The "Emby Connect" log in page is showing as not secure. When I tried to see the ssl certificate information, there was nothing to see. Please, this needs to be fixed asap. This leave a gigantic hole open for capturing your users log in formation! Link to comment Share on other sites More sharing options...
Happy2Play 8304 Posted December 4, 2022 Share Posted December 4, 2022 You are required to navigate to https://app.emby.media as not all users have SSL Moving from CSS forum. Link to comment Share on other sites More sharing options...
shallax 0 Posted December 4, 2022 Share Posted December 4, 2022 This just sounds like a bad idea, it’s supporting people not setting up SSL and being insecure. Wouldn’t it be better to just make something like LetsEncrypt a one-click installation rather than risk letting people get snooped? Link to comment Share on other sites More sharing options...
Luke 37119 Posted December 4, 2022 Share Posted December 4, 2022 1 hour ago, shallax said: This just sounds like a bad idea, it’s supporting people not setting up SSL and being insecure. Wouldn’t it be better to just make something like LetsEncrypt a one-click installation rather than risk letting people get snooped? If all devices accepted letsencrypt certs then yes, that would make sense. But otherwise it just leads to reports of not working, unable to connect, etc. When the day comes that we know all servers have ssl, then we'll be able to force to hosted web app to https only. Link to comment Share on other sites More sharing options...
CRK1918 0 Posted January 24, 2023 Share Posted January 24, 2023 Can they use secure connections first? If the secure connection does not work, the secure connection website will prompt the user to use an available incomplete connection. At least the user has some vigilance. Link to comment Share on other sites More sharing options...
Bitpicker 2 Posted January 24, 2023 Author Share Posted January 24, 2023 I pointed that out quite a while ago. The question is…. At what point does the connection become encrypted. Before or after login. Today’s best practice says all websites should be using security (https). 1 Link to comment Share on other sites More sharing options...
Luke 37119 Posted March 13, 2023 Share Posted March 13, 2023 On 1/24/2023 at 1:07 PM, CRK1918 said: Can they use secure connections first? If the secure connection does not work, the secure connection website will prompt the user to use an available incomplete connection. At least the user has some vigilance. if you setup https on your Emby Server, and your server dashboard displays your remote address as https, then that's what Emby apps will use when connecting remotely. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now