NextPVR 5.1.1 security enhancement.

[emveepee 112]

NextPVR 5.1.1 was released today and addresses security concerns using the live URLs which some Emby users could be using as m3u tuners.  The default setting will mean that these URL's will fail  unless users change Settings->Access to enable "Unauthenticated Access".

As noted in NextPVR this setting is not recommended if the NextPVR server port is exposed to the Internet. 

Any questions on this should be posted on the NextPVR forum.

Martin

[Luke 37062]

HI, thanks for the info. 

@cayars can update our next pvr m3u setup guide.

[Carlo 4330]

Thanks and our KB article on this has be modified to note this change that's needed.

[emveepee 112]

Note that this setting is required for recording in the NextPVR plugin too unless you use the option to use filenames and not streaming, typically only on localhost.   

I was hoping to provide a more secure solution. but unfortunately after repeated requests I didn't receive any developer support on this and it appears Emby has a requirement for fixed naming for recordings but there is not point storing tokens which will expire. 

This security concern exists in the previous versions of NextPVR too, there just was no way to mitigate it.

Martin

[Carlo 4330]

Thanks for the heads up on that @emveepee.

Likely not much of a security concern for those running Emby as NextPVR will likely only be streaming to Emby in most setups (but not always of course).