mntimmah 1 Posted June 27, 2018 Share Posted June 27, 2018 (edited) I am happy with the implementation of the remote connection options with emby with the exception of one thing.... If I give someone remote access, the user names/profile pictures are all showing up in plain sight when coming in on the wan unless I completely hide the user from login screen all the time. Showing user names on an internet connected web service is IMHO a serious security flaw since knowing a valid user name is more than half the battle with getting in to a server. I think that there would be 2 ways to help with this problem. First Choice, Most secure in my own opinion would be to change the login screen to hide all users if coming from remote connection. That way if I am on the LAN, I will be able to see the profiles that I have chosen to not be hidden and they are easy to get to from roku, android tv, etc.... But if I connect to the server from an IP Address not in my local subnets that I specified, I would be just presented the username/password screen and would have to enter them manually to proceed. Second Choice, On each user, when I click the "Allow Remote Connections" option, there would be a checkbox to "show user on remote login screens" . By default all users are hidden from remote login screens unless this checkmark is there for showing the user. I hope the way I am phrasing all of this makes sense. mntimmah Edited June 27, 2018 by mntimmah 1 Link to comment Share on other sites More sharing options...
ebr 14913 Posted June 28, 2018 Share Posted June 28, 2018 Profile visibility different within LAN than from WAN Link to comment Share on other sites More sharing options...
Recommended Posts