Is Emby Connect using SSL?

[CChris 58]

how should a notification in the dashbord should be done?
I am not using the emby implemented "secure" options.... I am not using the SSL port from emby, nor I have set up the remote connection up within emby.
still I am able to connect to my emby server from wherever I want to.

To be honest:
From my thoughts, Emby should make clear, what the software is.
A Media Server.

It is not part of the Emby Software to secure the connection to the server software.
I haven't seen this in any other server application, to be honest.

 

implementing basic server security features into emby will prevent the developers on focusing on other topics, just because someone want to setup a server, which can be connected from wherever the user wants - but he does not want to sit down and learn how things are working?

That's what I meant with "it is the administrators responsibility" - If I want to be able to connect my applications through internet, I have to learn how to do it.

It is not the responsibility of the software / their developers to take this responsibility.

But anyway... I know, that I don't need the emby connect feature... so I don't care, if this app.emby.media address is using https:// or not...
And - I don't know, how many users are using this method for connecting to their server...

[deme74 2]

how should a notification in the dashbord should be done?

 

I don't know. My point was to raise a concern. If I was wrong, no biggie, I've been wrong before...

[EODCrafter 180]

I agree.

The average user of emby isn't a server architect.

But honestly... those people should avoid to make ANYTHING available from outside their home network...

Just what I've seen in several other discussions when it came to "portforwarding" and things like this....

 

That kinda defeats the whole purpose of a Media Server doesn't it?

[CChris 58]

not absolutely.
I can have a media-server in my home network which I can use with all the devices I have at home.

sure, talking about watching your tv shows or listen to your music while laying on the beach ... is another page of the book. But from my opinion, If I want this, I need to sit down and understand how to secure these things.
Still not part, Emby should be responsible for.

[deme74 2]

Deleted: my bad

Edited February 27, 2019 by deme74

[Carlo 4331]

Have you guys actually tried to setup your Emby server to ONLY allow SSL connections then use http (not s) from Emby Connect to see what it actually does?

[deme74 2]

Yes, I did, this is my current setup, perhaps I wasn't clear.

 

I checked and the video stream is delivered via https to the http app so from the server point of view the connection is secure. It's only the web app in the brower which is not. I think opening by default the https version of the web app would be safer.

[ebr 14959]

I think opening by default the https version of the web app would be safer.

 

There isn't a true vulnerability here, just a perception.  We cannot force this connection to https or probably 80% of our users wouldn't be able to connect remotely.  We are working on a solution that will improve this and allow people to more easily setup secured connections.

[deme74 2]

There isn't a true vulnerability here, just a perception.  We cannot force this connection to https or probably 80% of our users wouldn't be able to connect remotely.  We are working on a solution that will improve this and allow people to more easily setup secured connections.

 

Great, thanks

[Carlo 4331]

There isn't a true vulnerability here, just a perception.  We cannot force this connection to https or probably 80% of our users wouldn't be able to connect remotely.  We are working on a solution that will improve this and allow people to more easily setup secured connections.

That's what I was getting to but you beat me.