pir8radio, posted March 11, 2015:
I have a guest user set up with no privileges. Though the links are hidden from the GUI, this user can still type in /web/edititemmetadata.html and edit metadata; same goes for user preferences... I have yet to test this bypassing the reverse proxy; I hope that's the issue. Otherwise the security settings don't do anything if you're familiar with the Media Browser paths. Can someone confirm or deny, please?

Rowlett, posted March 11, 2015:
I've just tried today without using a reverse proxy and also get the same results: a user with guest access using direct links (like the one you posted) was able to access everything.

pir8radio, posted March 13, 2015 (edited March 13, 2015):
Is this something that we can get fixed in the next release? Pretty please?

pir8radio, posted March 14, 2015:
Just a BUMP reminder: I cannot open my server to the general public if they can bypass security settings and change my files, or edit their user profile. I will continue to search for some holes; if I find many more I'll just make a new thread...

pir8radio, posted March 20, 2015:
@Luke @ebr These security holes are still in the new beta.

Luke, posted March 20, 2015:
The API is secure, and that will prevent them from making any changes. It's just the HTML, and that will be looked at in a future release.