Comment on How to secure Jellyfin hosted over the internet?
Mubelotix@jlai.lu 2 months ago
Jellyfin is secure by default, as long as you have https. Just chose a secure password
Comment on How to secure Jellyfin hosted over the internet?
Mubelotix@jlai.lu 2 months ago
Jellyfin is secure by default, as long as you have https. Just chose a secure password
doeknius_gloek@discuss.tchncs.de 2 months ago
No, it isn’t.
Flipper@feddit.org 2 months ago
Some of these are bonkers. The argument not to fix them because of backwards compatibility is even wilder. Which normal client would need the ability to get data for any other account that it hasn’t the Auth token for.
sugar_in_your_tea@sh.itjust.works 2 months ago
Just make a different API prefix that’s secure and subject to change, and once the official clients are updated, deprecate the insecure API (off by default).
That way you preserve backwards compatibility without forcing everyone to be insecure.
merthyr1831@lemmy.ml 2 months ago
Even just basic API versioning would be sufficient. .NET offers a bunch of ways to handle breaking changes in APIs
Mubelotix@jlai.lu 2 months ago
Wtf. Thank you
LiveLM@lemmy.zip 2 months ago
Oh boy. Nope. My friends gonna have to fiddle with a VPN, forget exposing JF to the outside…
rice@lemmy.org 2 months ago
wireguard honestly takes like 30 seconds to do once you learn how to use it.
rice@lemmy.org 2 months ago
I wouldn’t say “great” it’s ok software. Not even due to all of those security things which is a nightmare too. They do things like break the search speed months ago and not have any idea why, it’s so insanely slow and on top of that it somehow lags the entire client when searching too, not just the server which is the only thing doing the query. Lots of issues just with that.