philby 3 Posted January 25, 2018 Share Posted January 25, 2018 Well, that was a bit scary right now. Had Emby running on my Synology, and decided to create a web app for it using Fluid. The URL for this fluid instance is my Synology dynDNS address, with the 8096 port at the end. I was a bit surprised when the web app immediately logged itself in, with no entry whatsoever needed or even possible, from my side – it doesn't share cookies with Safari (where I'm logged in). So I open the same dynDNS URL with Firefox: immediate login as admin with full rights over everything. So maybe it's because I'm in the same network, and Emby somehow checks IPs? Open the VPN, get a US-based IP, open the URL again in another browser: bingo, auto-login. I then try this with Safari on my iPhone while in the same WLAN: autologin. I turn off WLAN and switch to Firefox on the Phone: you guessed it, autologin. I even open my wife's laptop, enter the link: autologin. Seems to me anyone who opens this URL from anywhere in the world has immediate admin access to all my Emby contents. That can't be how it's supposed to work. Where do I switch this off in Emby? Link to comment Share on other sites More sharing options...
Luke 37096 Posted January 25, 2018 Share Posted January 25, 2018 Hi, just give your emby user a password. If there is only one single emby user, and if that user doesn't have a password, then it will log you straight in because at that point it's nothing more than an extra click. Link to comment Share on other sites More sharing options...
philby 3 Posted January 26, 2018 Author Share Posted January 26, 2018 Ahhh... coming over from Plex, I thought entering my Emby connect data would secure the account. Beginner error. Link to comment Share on other sites More sharing options...
Luke 37096 Posted January 26, 2018 Share Posted January 26, 2018 The difference is your server is only tied to your cloud Emby Connect account if you want it to be. That makes user management much more flexible but you do have to manage what users can access and how they can access it. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now