csadoian 36 Posted May 25, 2023
In line with the security problem reported on this forum, my server was one of those affected by the breach. I took the steps laid out in the security advisory and since I do allow my server to be accessed outside my LAN I decided to make changes to the Emby user account that I normally log into when I use Emby. I have been running Emby since first setting up a server in 2017 and my main account always had Admin privileges in Emby. I suspect many servers were set up this way. So I made a separate "Emby Admin" account with a different password and downgraded my "normal" account to not have Admin privileges. I also set my new Admin account to "Require a password on the local network". If I log into the Admin account from, say, Emby Theater, I must enter the password. However, if I CLOSE Emby Theater and then reopen it (on the same machine, local network) EMBY puts me back into the Admin account WITHOUT asking for a password. This seems incorrect to me. I would think that if I set it to ask me for my password on my local network it should ALWAYS ask me to input my password, no matter what client I use. I suppose if I logged out instead of just closing Emby Theater it would prompt me for a password, but that's not what I normally do. In light of today's security breach, I think a change should be considered here. Also, on a Windows machine, can Emby Server be run under a user account with normal (user) privileges or does it require an account with Admin privileges? Presently I have my Emby server running on a headless Windows 10 Professional machine, but the user account has Admin privileges. If the server can be run under an account with only user privileges then I will also change it there, which will provide better security.
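A check for the situation described in this post, as an added example that is not from the thread or from Emby's own code: it scans a /Users listing for admin accounts that can still be opened from the LAN without a password. The field names (Policy.IsAdministrator, HasPassword, Configuration.EnableLocalPassword) are assumed from Emby's UserDto and the sample data is constructed; verify both against your own server.

```python
"""Audit an Emby /Users listing for admin accounts reachable without a
password on the LAN (what the post above fixed by hand).

Added example, not part of the forum thread or of Emby's own code.
Assumed field names (from Emby's UserDto; verify on your server):
  Policy.IsAdministrator, HasPassword, Configuration.EnableLocalPassword
"""
import json
import urllib.request

# Constructed sample modelled on a /Users response; not real server output.
SAMPLE_USERS = json.loads("""[
 {"Name": "family", "HasPassword": true,
  "Policy": {"IsAdministrator": true},
  "Configuration": {"EnableLocalPassword": false}},
 {"Name": "Emby Admin", "HasPassword": true,
  "Policy": {"IsAdministrator": true},
  "Configuration": {"EnableLocalPassword": true}},
 {"Name": "kids", "HasPassword": false,
  "Policy": {"IsAdministrator": false},
  "Configuration": {"EnableLocalPassword": false}}
]""")


def audit_users(users):
    """Return (name, reason) pairs for accounts worth fixing.

    Any account with no password is flagged. An admin is also flagged when
    'Require a password on the local network' is off, because every client
    on the LAN can then open the admin account silently."""
    findings = []
    for u in users:
        is_admin = u.get("Policy", {}).get("IsAdministrator", False)
        local_pw = u.get("Configuration", {}).get("EnableLocalPassword", False)
        if not u.get("HasPassword", False):
            findings.append((u["Name"], "no password set"))
        elif is_admin and not local_pw:
            findings.append((u["Name"], "admin without local password requirement"))
    return findings


def fetch_users(base_url, api_key):
    """Live variant (assumed endpoint/header): GET {base_url}/Users with an
    admin API key in X-Emby-Token, e.g. base_url='http://host:8096/emby'."""
    req = urllib.request.Request(f"{base_url}/Users",
                                 headers={"X-Emby-Token": api_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    for name, reason in audit_users(SAMPLE_USERS):
        print(f"{name}: {reason}")
```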
pwhodges 2037 Posted May 25, 2023
The ability to start a client without having to do a full login each time is fundamental - I guess you're suggesting that admin accounts should not be allowed to be logged in using cached credentials. That certainly merits serious consideration. I'm not certain, but I imagine this would require a change in each client rather than just at the server. Paul
csadoian 36 (Author) Posted May 25, 2023
The Roku client has an option to either "Remember me" or not. If you choose to disable this option you basically have to log on each time. Don't know if other clients have this option (couldn't find one in Emby Theater). Since I now have a separate "Admin" user on my system it wouldn't bother me to have all the Emby clients honor the "Require a password on the local network" setting. If someone doesn't want to be constantly asked for a password for a particular account they could always choose the setting "Don't require a password on the local network" on a per user basis.
Luke 42256 Posted May 25, 2023
I think ultimately the local network password option will go away and we'll just have to improve the login and user switching experience in our apps.
darkassassin07 674 Posted May 26, 2023 (edited)
@Luke while I can understand disabling the ability to login without a password altogether; why does this affect the ability to use a pin code?? I've never allowed users to have no pass/disable auth entirely, but I use a pin quite regularly especially with the xbone app via a standard universal IR tv remote. I only have numbers accessible on that type of remote and now can't use it to login (unless I bring up the full on-screen keyboard and expose my pass to everyone in the room). Edited May 26, 2023 by darkassassin07
Luke 42256 Posted May 26, 2023
That may not have to change. We're still bouncing around ideas internally.
crusher11 1151 Posted May 26, 2023
3 hours ago, Luke said: I think ultimately the local network password option will go away and we'll just have to improve the login and user switching experience in our apps.
As an admin, I can currently log in to the account of any user I want to by doing so locally and allowing password bypass. This lets me get into other users' accounts to adjust settings, favourites, etc. Would this change end my ability to do this?
seanbuff 1358 Posted May 26, 2023
56 minutes ago, crusher11 said: This lets me get into other users' accounts to adjust settings, favourites, etc
You can always change user settings "as that user" under their profile using this link: The above won't allow you to view their favourites, etc though. But yes, allowing you to login locally without a password may change in light of recent events, and it sounds like it may prevent you from doing that. We just don't know what it will look like just yet.
moviefan 187 Posted May 26, 2023
5 hours ago, Luke said: I think ultimately the local network password option will go away and we'll just have to improve the login and user switching experience in our apps.
Do you mean the no password required when on local network option? As long as this can be implemented at the application level in a secure way I think it should stay. Makes usability much better. I get why you have removed it for Admins. But I am not sure I see the security risk in allowing normal users this level of access.
ebr 16346 Posted May 26, 2023
11 hours ago, seanbuff said: You can always change user settings "as that user" under their profile using this link
Those are only the server and web app settings. Some settings are app-specific.
csadoian 36 (Author) Posted May 26, 2023
16 hours ago, csadoian said: Also, on a Windows machine, can Emby Server be run under a user account with normal (user) privileges or does it require an account with Admin privileges? Presently I have my Emby server running on a headless Windows 10 Professional machine, but the user account has Admin privileges. If the server can be run under an account with only user privileges then I will also change it there, which will provide better security.
@Luke Comment on this? By the way, here I'm talking about the WINDOWS user account, not the Emby user account.
moviefan 187 Posted May 26, 2023
18 minutes ago, csadoian said: @Luke Comment on this? By the way, here I'm talking about the WINDOWS user account, not the Emby user account.
I run Emby on my Windows system as a user without Admin privileges. It is definitely supported this way.