Comment on That's all folks, Plex is starting to charge for sharing
vithigar@lemmy.ca 4 weeks agoJellyfin has some security issues that, depending on who you ask, are either critical vulnerabilities that make it completely unsafe to expose to the Internet or largely unconcerning for regular users.
cyberwolfie@lemmy.ml 4 weeks ago
I’m not overly concerned about my instance running behind a reverse proxy. Perhaps I am just naive…
MaggiWuerze@feddit.org 4 weeks ago
Honestly yeah. The Jellyfin Backend is basically unauthenticated for a large part, allowing anyone to map and stream your content as soon as they guessed the ids, which isn’t that hard, since they are based on the paths on your device. So if your movie sits in /mnt/media/movies/the_bee_movie that is pretty esay to guess and calculate the id from, allowing anyone to stream that content from your server
cyberwolfie@lemmy.ml 4 weeks ago
And apart from an undesirable bandwidth usage resulting from someone guessing their way to my file structure, how can this be used to compromise my server?
MaggiWuerze@feddit.org 4 weeks ago
They can stream content from your server or map out ehat you have on there by using a rainbow table. Depending on the country you live on they can use that combined with your IP to start litigating you
vardogor@mander.xyz 4 weeks ago
if you reverse proxy into a VPN this isn’t an issue
MaggiWuerze@feddit.org 4 weeks ago
The magic bullet in that sentence is VPN not reverse proxy