magicdelux 5 Posted June 13, 2019 Posted June 13, 2019 Anonymous users can access videos by using the stream link, like https://myserver.com/Videos/{Id}/stream.mp4 How can I prevent this and have users to login first? 1
Luke 42085 Posted June 13, 2019 Posted June 13, 2019 Hi, it's something we need to address in a future update. It will require changes to a number of apps. Thanks.
magicdelux 5 Posted June 13, 2019 Author Posted June 13, 2019 Thanks for the prompt reply. Just to be sure. Currently there is no way of preventing anonymous access to videos on the emby server?
Luke 42085 Posted June 13, 2019 Posted June 13, 2019 Well the person would have to know a video id to begin with.
magicdelux 5 Posted June 13, 2019 Author Posted June 13, 2019 Sure. But writing a simple script which enumerates the id and tries to download the video should not be difficult to create. At least, this is a simple way for sharing a video by url 3
chef 3810 Posted June 13, 2019 Posted June 13, 2019 Technically it could be done for API keys as well. But that's a lotta enumeration of chars and ints to get one possible, unknown media item.
magicdelux 5 Posted June 13, 2019 Author Posted June 13, 2019 Technically it could be done for API keys as well. But that's a lotta enumeration of chars and ints to get one possible, unknown media item. Sure. But API keys aren't by default numerical and incremental 1
mastrmind11 722 Posted June 13, 2019 Posted June 13, 2019 can't you just block unknown ips at the edge of your network.
Gilgamesh_48 1240 Posted June 13, 2019 Posted June 13, 2019 can't you just block unknown ips at the edge of your network. I would think the easiest solution and the one I use is just to turn off remote access. There is no one I like well enough to share my library with. I am sure those feelings are returned by many. As I have aged my crotchety factor has increased dramatically and crotchety is not a good way to enamor others to one. That is that will work unless the above hack works even with remote access off. If that is the case then I guess the problem even impacts me. That would make me sad. ):
Senna 368 Posted June 14, 2019 Posted June 14, 2019 Interesting indeed.... Emby server dashboard doesn't have a clue that anonymous access is taken place, while a big EMBY hole is letting Emby content through. Even an Emby server setup with Cloudflare managed domain with SSL gets useless now (IF no IP white and/or blacklisting is in place), when Emby content can be accessed WITHOUT authentication Shouldn't this be a HIGH priority FIX for the Emby Devs ?! 3
Senna 368 Posted June 14, 2019 Posted June 14, 2019 Wowww, things are getting even more interesting...... It's even doing transcoding with anonymous access, WITHOUT indicating in dashboard that Emby media is getting transcoded... 3
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now