fizzyade 132 Posted February 11, 2020 Posted February 11, 2020 I tried searching for this, but couldn't see anything obvious in the search results, but then searching for new user password is a pretty generic search. This is something that's bothered me for ages, when you add a new user to Emby their password is empty and therefore anybody remotely could log in as that user (no matter how unlikely this may be). Emby should be a security concious application and either generate a temporary password and display this or create the user in a disabled state. If you want to allow it to create blank user passwords, then an option to allow us to set a password (i.e always show a password field, but allow blank) when creating a password would mitigate this.
Luke 42080 Posted February 12, 2020 Posted February 12, 2020 Hi, yes i agree this is a good idea. Thanks for the feedback.
Q-Droid 989 Posted February 12, 2020 Posted February 12, 2020 (edited) I thought you could not enable remote access for user accounts that don't have a password. Edited February 12, 2020 by Q-Droid
fizzyade 132 Posted February 12, 2020 Author Posted February 12, 2020 I thought you could not enable remote access for user accounts that don't have a password. Even if you can, there should be a warning or an option to allow you that setting a password is a good idea. Providing a secure random generated password as default is even better. Just removes the possibility of people unwittingly leaving their server open.
crusher11 1101 Posted February 12, 2020 Posted February 12, 2020 I thought you could not enable remote access for user accounts that don't have a password.You can, I've done it. Very briefly for troubleshooting purposes.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now