odeuxcool 8 Posted March 12 Posted March 12 Bonjour, Cela ne sert a rien de parler avec eux, la sécurité n'est pas d'actualité chez Emby. C'est franchement abusé mais que voulez-vous, ont fait avec !
bandit8623 116 Posted March 12 Posted March 12 27 minutes ago, amphyvi said: Chipping in to say we definitely need MFA/2FA support. I like bandit8623's idea of restricting it to user accounts & requiring LAN access for admin use. i would say though if 2fa was added then i would say we could allow outside access with admin account. but in current stage with no 2fa its just bad practice to allow admin account to be logged into remotely.
ALLSTAR1986 8 Posted March 13 Posted March 13 What is the current status? I would be in favor of a 2FA when adding new devices and then whitelisting the device if necessary. I have also secured my ASUSTOR NAS with a 2FA. With Emby I already lack this, if someone gains access to my admin account at Emby, they can wipe out my entire Emby server and delete everything! So I would definitely be in favor of a 2FA
raudraido 44 Posted March 14 Posted March 14 11 hours ago, ALLSTAR1986 said: What is the current status? I would be in favor of a 2FA when adding new devices and then whitelisting the device if necessary. I have also secured my ASUSTOR NAS with a 2FA. With Emby I already lack this, if someone gains access to my admin account at Emby, they can wipe out my entire Emby server and delete everything! So I would definitely be in favor of a 2FA Even if Emby had 2FA, please do not consider it as an protection against everything. At least make sure emby has read-only acccess to your library, so even if emby gets compromised, it's not that bad.. If you are running it on windows, consider at least docker, better would be docker on linux.. and so on.
hapylestat 9 Posted March 14 Posted March 14 On 8/25/2022 at 5:48 PM, ebr said: And, just as another point of information - the other guys already have 2FA but that did not stop this attack apparently. This is still a good request. I just don't think it is any kind of "Holy Grail" to any real exposure here since Emby users are spread out among all different Emby instances, rather than a central repository. And is there any SSO/SAML/OIDC in plans, if there no wish to implement 2fa? In such case people would be able to configure it via those providers.
hapylestat 9 Posted March 14 Posted March 14 8 hours ago, raudraido said: Even if Emby had 2FA, please do not consider it as an protection against everything. At least make sure emby has read-only acccess to your library, so even if emby gets compromised, it's not that bad.. If you are running it on windows, consider at least docker, better would be docker on linux.. and so on. Security starts from the network architecture, proper internet router, VLAN's. firewall with support of security zones and then only comes the exposed service isolation itself. But still, security are created from the layers, like onion. And support of 2FA is one of them. 3
raudraido 44 Posted March 15 Posted March 15 On 3/14/2025 at 6:22 PM, hapylestat said: Security starts from the network architecture, proper internet router, VLAN's. firewall with support of security zones and then only comes the exposed service isolation itself. But still, security are created from the layers, like onion. And support of 2FA is one of them. Yes yes, You are correct and I fully support 2FA (or similar) on emby. But the reallity is that this is not going anywhere, meanwhile you still have to secure it.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now