CChris 58 Posted February 26, 2019 Share Posted February 26, 2019 how should a notification in the dashbord should be done?I am not using the emby implemented "secure" options.... I am not using the SSL port from emby, nor I have set up the remote connection up within emby.still I am able to connect to my emby server from wherever I want to.To be honest:From my thoughts, Emby should make clear, what the software is.A Media Server.It is not part of the Emby Software to secure the connection to the server software.I haven't seen this in any other server application, to be honest. implementing basic server security features into emby will prevent the developers on focusing on other topics, just because someone want to setup a server, which can be connected from wherever the user wants - but he does not want to sit down and learn how things are working?That's what I meant with "it is the administrators responsibility" - If I want to be able to connect my applications through internet, I have to learn how to do it. It is not the responsibility of the software / their developers to take this responsibility.But anyway... I know, that I don't need the emby connect feature... so I don't care, if this app.emby.media address is using https:// or not...And - I don't know, how many users are using this method for connecting to their server... Link to comment Share on other sites More sharing options...
deme74 2 Posted February 26, 2019 Author Share Posted February 26, 2019 how should a notification in the dashbord should be done? I don't know. My point was to raise a concern. If I was wrong, no biggie, I've been wrong before... Link to comment Share on other sites More sharing options...
EODCrafter 180 Posted February 26, 2019 Share Posted February 26, 2019 I agree. The average user of emby isn't a server architect. But honestly... those people should avoid to make ANYTHING available from outside their home network... Just what I've seen in several other discussions when it came to "portforwarding" and things like this.... That kinda defeats the whole purpose of a Media Server doesn't it? Link to comment Share on other sites More sharing options...
CChris 58 Posted February 26, 2019 Share Posted February 26, 2019 not absolutely.I can have a media-server in my home network which I can use with all the devices I have at home.sure, talking about watching your tv shows or listen to your music while laying on the beach ... is another page of the book. But from my opinion, If I want this, I need to sit down and understand how to secure these things.Still not part, Emby should be responsible for. Link to comment Share on other sites More sharing options...
deme74 2 Posted February 27, 2019 Author Share Posted February 27, 2019 (edited) Deleted: my bad Edited February 27, 2019 by deme74 Link to comment Share on other sites More sharing options...
Carlo 4331 Posted February 27, 2019 Share Posted February 27, 2019 Have you guys actually tried to setup your Emby server to ONLY allow SSL connections then use http (not s) from Emby Connect to see what it actually does? Link to comment Share on other sites More sharing options...
deme74 2 Posted February 27, 2019 Author Share Posted February 27, 2019 Yes, I did, this is my current setup, perhaps I wasn't clear. I checked and the video stream is delivered via https to the http app so from the server point of view the connection is secure. It's only the web app in the brower which is not. I think opening by default the https version of the web app would be safer. Link to comment Share on other sites More sharing options...
ebr 14959 Posted February 27, 2019 Share Posted February 27, 2019 I think opening by default the https version of the web app would be safer. There isn't a true vulnerability here, just a perception. We cannot force this connection to https or probably 80% of our users wouldn't be able to connect remotely. We are working on a solution that will improve this and allow people to more easily setup secured connections. 3 Link to comment Share on other sites More sharing options...
deme74 2 Posted February 27, 2019 Author Share Posted February 27, 2019 There isn't a true vulnerability here, just a perception. We cannot force this connection to https or probably 80% of our users wouldn't be able to connect remotely. We are working on a solution that will improve this and allow people to more easily setup secured connections. Great, thanks Link to comment Share on other sites More sharing options...
Carlo 4331 Posted February 27, 2019 Share Posted February 27, 2019 There isn't a true vulnerability here, just a perception. We cannot force this connection to https or probably 80% of our users wouldn't be able to connect remotely. We are working on a solution that will improve this and allow people to more easily setup secured connections. That's what I was getting to but you beat me. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now