Comment on How to secure Jellyfin hosted over the internet?
Mubelotix@jlai.lu 4 days ago
Jellyfin is secure by default, as long as you have https. Just chose a secure password
Comment on How to secure Jellyfin hosted over the internet?
Mubelotix@jlai.lu 4 days ago
Jellyfin is secure by default, as long as you have https. Just chose a secure password
doeknius_gloek@discuss.tchncs.de 4 days ago
No, it isn’t.
Flipper@feddit.org 4 days ago
Some of these are bonkers. The argument not to fix them because of backwards compatibility is even wilder. Which normal client would need the ability to get data for any other account that it hasn’t the Auth token for.
sugar_in_your_tea@sh.itjust.works 4 days ago
Just make a different API prefix that’s secure and subject to change, and once the official clients are updated, deprecate the insecure API (off by default).
That way you preserve backwards compatibility without forcing everyone to be insecure.
merthyr1831@lemmy.ml 4 days ago
Even just basic API versioning would be sufficient. .NET offers a bunch of ways to handle breaking changes in APIs
Mubelotix@jlai.lu 4 days ago
Wtf. Thank you
LiveLM@lemmy.zip 4 days ago
Oh boy. Nope. My friends gonna have to fiddle with a VPN, forget exposing JF to the outside…
rice@lemmy.org 4 days ago
wireguard honestly takes like 30 seconds to do once you learn how to use it.
rice@lemmy.org 4 days ago
I wouldn’t say “great” it’s ok software. Not even due to all of those security things which is a nightmare too. They do things like break the search speed months ago and not have any idea why, it’s so insanely slow and on top of that it somehow lags the entire client when searching too, not just the server which is the only thing doing the query. Lots of issues just with that.