Comment on How to secure Jellyfin hosted over the internet?
Mubelotix@jlai.lu 1 year ago
Jellyfin is secure by default, as long as you have https. Just chose a secure password
Comment on How to secure Jellyfin hosted over the internet?
Mubelotix@jlai.lu 1 year ago
Jellyfin is secure by default, as long as you have https. Just chose a secure password
doeknius_gloek@discuss.tchncs.de 1 year ago
No, it isn’t.
rice@lemmy.org 1 year ago
I wouldn’t say “great” it’s ok software. Not even due to all of those security things which is a nightmare too. They do things like break the search speed months ago and not have any idea why, it’s so insanely slow and on top of that it somehow lags the entire client when searching too, not just the server which is the only thing doing the query. Lots of issues just with that.
LiveLM@lemmy.zip 1 year ago
Oh boy. Nope. My friends gonna have to fiddle with a VPN, forget exposing JF to the outside…
rice@lemmy.org 1 year ago
wireguard honestly takes like 30 seconds to do once you learn how to use it.
Flipper@feddit.org 1 year ago
Some of these are bonkers. The argument not to fix them because of backwards compatibility is even wilder. Which normal client would need the ability to get data for any other account that it hasn’t the Auth token for.
sugar_in_your_tea@sh.itjust.works 1 year ago
Just make a different API prefix that’s secure and subject to change, and once the official clients are updated, deprecate the insecure API (off by default).
That way you preserve backwards compatibility without forcing everyone to be insecure.
merthyr1831@lemmy.ml 1 year ago
Even just basic API versioning would be sufficient. .NET offers a bunch of ways to handle breaking changes in APIs
Mubelotix@jlai.lu 1 year ago
Wtf. Thank you