KOD 2 Posted January 11, 2018 Share Posted January 11, 2018 Hi guys, new here and new to Emby. After very frustrating use of Plex on my NAS, I am glad that I do use Emby now. Only a couple of things worry me and I hope that there is a way to implement these features in Emby myself or in upcoming versions. 1) The first user you create is an admin user of the Emby Server, there is no way to block rights for managing this server from WAN Managing a server is nice from WAN, but not safe. How to disable this, without blocking myself out within my LAN :-) 2) Guest users do have by default to many rights. Of course you can adjust this, but it is not logical at all to give delete rights by default etc. 3) There is no way to set minimal password requirements!!! and every user can set/reset his own password 4) All accounts will be published by default, which is unsafe because of the next point: 5) Accounts can't be locked out after X attempts for X time, so because of 1,2 and 3 it is very very easy to brute force accounts. Of cource you can block internet access on your FW, but then you lose of lot of flexibility of media streaming on-the-go and sure stronger passwords do work, but because of point 3, other user accounts (friends) can do whatevery they like. 2 Link to comment Share on other sites More sharing options...
Abobader 2942 Posted January 11, 2018 Share Posted January 11, 2018 but it is not logical at all to give delete rights by default etc. +1 Link to comment Share on other sites More sharing options...
Luke 37060 Posted January 11, 2018 Share Posted January 11, 2018 1) The first user you create is an admin user of the Emby Server, there is no way to block rights for managing this server from WAN Managing a server is nice from WAN, but not safe. How to disable this, without blocking myself out within my LAN :-) The next release of Emby Sever will have a setting to disable remote access. Link to comment Share on other sites More sharing options...
Luke 37060 Posted January 11, 2018 Share Posted January 11, 2018 Guest users do have by default to many rights. Of course you can adjust this, but it is not logical at all to give delete rights by default etc. Which permission in particular are you referring to? thanks. Link to comment Share on other sites More sharing options...
Luke 37060 Posted January 11, 2018 Share Posted January 11, 2018 4) All accounts will be published by default, which is unsafe because of the next point: You can hide users from login screens in user settings. Link to comment Share on other sites More sharing options...
KOD 2 Posted January 12, 2018 Author Share Posted January 12, 2018 You can hide users from login screens in user settings. Yes, I know. But it is strange that by default this setting is on when you take in account the other "issues" then this is very unsafe at this moment. Because of this I have manual restricted the embysvr user in my NAS Link to comment Share on other sites More sharing options...
KOD 2 Posted January 12, 2018 Author Share Posted January 12, 2018 The next release of Emby Sever will have a setting to disable remote access. That is great! Link to comment Share on other sites More sharing options...
KOD 2 Posted January 12, 2018 Author Share Posted January 12, 2018 (edited) Which permission in particular are you referring to? thanks. It is better when you create an account, that you have to think about what you want so the following selections should better be disabled by default: - Enable access to all libraries - Enable access to all channels - Allow Media Deletion From: All libraries !! - Allow remote control of shared devices - Allow social media sharing - Hide this user from login screens (should be enabled by default) Another more professional implementation would be to be able as the administrator of the emby server to make User Groups with rights and access. Then you don't have to make each setting for every user who you would like to grant access. Then password settings should have the following options: - minimal passwd length - minimal passwd requirements (capitals, numbers, etc) - number of passwd tries and account lock out time - change passwd at first logon Edited January 12, 2018 by KOD Link to comment Share on other sites More sharing options...
Luke 37060 Posted January 12, 2018 Share Posted January 12, 2018 @@KOD how did you create this guest? 1 Link to comment Share on other sites More sharing options...
KOD 2 Posted January 15, 2018 Author Share Posted January 15, 2018 @@KOD how did you create this guest? I just create them as a user. So I don't use the create guest option, because I didn't link my Emby account to the server. But perhaps (part) of my commands can be implemented in the future :-) Link to comment Share on other sites More sharing options...
Luke 37060 Posted January 15, 2018 Share Posted January 15, 2018 Yes some of those are possible for the future, thanks. Link to comment Share on other sites More sharing options...
SeanM 32 Posted January 19, 2018 Share Posted January 19, 2018 I would love to see the option to block IP addresses from other countries in order to cut down on rogue users attempting to gain access. Link to comment Share on other sites More sharing options...
Luke 37060 Posted January 19, 2018 Share Posted January 19, 2018 That's not easy to do. It would be much easier to instead whitelist the ip addresses that you consider to be friendly. Link to comment Share on other sites More sharing options...
KOD 2 Posted January 19, 2018 Author Share Posted January 19, 2018 (edited) Hi Luke, just noticed a Server Update (great job), can't find the "disable remote access" in the Advanced menu (or any other menu). I only noticed "Allow remote connections to this Emby Server". but disabling this, blocks all access from outside the local network :-) If this is not the implementation I expeteced, perhaps the admin/dahsboard should run on another port. Edited January 20, 2018 by KOD Link to comment Share on other sites More sharing options...
KOD 2 Posted January 19, 2018 Author Share Posted January 19, 2018 I would love to see the option to block IP addresses from other countries in order to cut down on rogue users attempting to gain access. It is not logical to create these kind of access rules on your server. Better (and safer) to do this on your router. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now