ddurdle 75 Posted October 4, 2018 Share Posted October 4, 2018 (edited) What is the purpose of this streaming API call? https://github.com/MediaBrowser/Emby/wiki/Video-Streaming Why I ask is that I had a user demonstrate to me how they can highjack the media on my emby server by hotlinking these URLs wherever he chooses. It doesn't require any kind of authentication. The user just needs to dump out the item IDs and then he can download whatever he wants, whereever he wants, even if he doesn't have an account. Seems like a huge security hole. Edited October 4, 2018 by ddurdle 1 Link to comment Share on other sites More sharing options...
Luke 37360 Posted October 4, 2018 Share Posted October 4, 2018 It's something we'll improve in the future. Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now