Comment on That's all folks, Plex is starting to charge for sharing
vithigar@lemmy.ca 6 days agoJellyfin has some security issues that, depending on who you ask, are either critical vulnerabilities that make it completely unsafe to expose to the Internet or largely unconcerning for regular users.
cyberwolfie@lemmy.ml 6 days ago
I’m not overly concerned about my instance running behind a reverse proxy. Perhaps I am just naive…
MaggiWuerze@feddit.org 6 days ago
Honestly yeah. The Jellyfin Backend is basically unauthenticated for a large part, allowing anyone to map and stream your content as soon as they guessed the ids, which isn’t that hard, since they are based on the paths on your device. So if your movie sits in /mnt/media/movies/the_bee_movie that is pretty esay to guess and calculate the id from, allowing anyone to stream that content from your server
cyberwolfie@lemmy.ml 6 days ago
And apart from an undesirable bandwidth usage resulting from someone guessing their way to my file structure, how can this be used to compromise my server?
MaggiWuerze@feddit.org 6 days ago
They can stream content from your server or map out ehat you have on there by using a rainbow table. Depending on the country you live on they can use that combined with your IP to start litigating you
vardogor@mander.xyz 5 days ago
if you reverse proxy into a VPN this isn’t an issue
MaggiWuerze@feddit.org 5 days ago
The magic bullet in that sentence is VPN not reverse proxy