gskmr2 1 Posted August 12, 2023 Share Posted August 12, 2023 Simple bug to find: Log in as a normal user and play back a movie Log out and back in as a restricted user (i.e. one that doesn't have permission to the movie you just played) Go to the browser history, click the old link and you can play it fine as a user without permission. e.g., We watch a movie, say, Hellraiser on the home PC. My 12 year old uses it the next day and can go to the history of Chrome and play back the movie no problem. You can also go to the main media folder it lies in and choose any horror film you like. 1 Link to comment Share on other sites More sharing options...
Abobader 2952 Posted August 12, 2023 Share Posted August 12, 2023 Hello gskmr2, ** This is an auto reply ** Please wait for someone from staff support or our members to reply to you. It's recommended to provide more info, as it explain in this thread: Thank you. Emby Team Link to comment Share on other sites More sharing options...
GrimReaper 3320 Posted August 12, 2023 Share Posted August 12, 2023 Which server version, which browser? Can't reproduce on Edge, Chrome or Firefox. Link to comment Share on other sites More sharing options...
gskmr2 1 Posted August 12, 2023 Author Share Posted August 12, 2023 Sorry, forgot to say. Its all Windows - WIndows Emby V4.7.13.0 running on Windows 10 using Brave browser. Link to comment Share on other sites More sharing options...
gskmr2 1 Posted August 12, 2023 Author Share Posted August 12, 2023 (edited) I have an idea its because Brave stores the full URL to the file index.html#!/item?id=207950&serverId=8206516685aa4d269e46a2653f72d17b If you manage to get that, copy and paste (same as clicking on a URL from the browser history) and it lets you play it back. Edited August 12, 2023 by gskmr2 Link to comment Share on other sites More sharing options...
Solution rbjtech 4301 Posted August 12, 2023 Solution Share Posted August 12, 2023 (edited) Yep - nothing new here - if you have the stream url and details - you can playback on a browser or vlc (network stream) etc. Unfortunately emby does not enforce authorisation per connection - I believe this is changing soon - but for the moment, agree 100% this is a bypass. You may be able to reduce the impact if you use Incognito mode, or choose to clear the link history on exit. You may be able to do it just for the emby URL. Edited August 12, 2023 by rbjtech Link to comment Share on other sites More sharing options...
gskmr2 1 Posted August 12, 2023 Author Share Posted August 12, 2023 Thanks for the info, wasn't sure if it was known or not. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now