ddurdle 75 Posted October 4, 2018 Posted October 4, 2018 (edited) What is the purpose of this streaming API call? https://github.com/MediaBrowser/Emby/wiki/Video-Streaming Why I ask is that I had a user demonstrate to me how they can highjack the media on my emby server by hotlinking these URLs wherever he chooses. It doesn't require any kind of authentication. The user just needs to dump out the item IDs and then he can download whatever he wants, whereever he wants, even if he doesn't have an account. Seems like a huge security hole. Edited October 4, 2018 by ddurdle 1
Luke 42080 Posted October 4, 2018 Posted October 4, 2018 It's something we'll improve in the future. Thanks.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now