Comment on That's all folks, Plex is starting to charge for sharing
vithigar@lemmy.ca 1 month agoJellyfin has some security issues that, depending on who you ask, are either critical vulnerabilities that make it completely unsafe to expose to the Internet or largely unconcerning for regular users.
cyberwolfie@lemmy.ml 1 month ago
I’m not overly concerned about my instance running behind a reverse proxy. Perhaps I am just naive…
MaggiWuerze@feddit.org 1 month ago
Honestly yeah. The Jellyfin Backend is basically unauthenticated for a large part, allowing anyone to map and stream your content as soon as they guessed the ids, which isn’t that hard, since they are based on the paths on your device. So if your movie sits in /mnt/media/movies/the_bee_movie that is pretty esay to guess and calculate the id from, allowing anyone to stream that content from your server
cyberwolfie@lemmy.ml 1 month ago
And apart from an undesirable bandwidth usage resulting from someone guessing their way to my file structure, how can this be used to compromise my server?
MaggiWuerze@feddit.org 1 month ago
They can stream content from your server or map out ehat you have on there by using a rainbow table. Depending on the country you live on they can use that combined with your IP to start litigating you
vardogor@mander.xyz 1 month ago
if you reverse proxy into a VPN this isn’t an issue
MaggiWuerze@feddit.org 1 month ago
The magic bullet in that sentence is VPN not reverse proxy