Comment on That's all folks, Plex is starting to charge for sharing
Dave@lemmy.nz 5 days agoIsn’t there an assumption it would be behind a reverse proxy… At least I hope that’s the assumption.
Comment on That's all folks, Plex is starting to charge for sharing
Dave@lemmy.nz 5 days agoIsn’t there an assumption it would be behind a reverse proxy… At least I hope that’s the assumption.
MaggiWuerze@feddit.org 4 days ago
Doesn’t do shit when large parts of the Backend are not authenticated
Dave@lemmy.nz 4 days ago
What kids of things?
I’ve never worried that much because it’s not critical data and it’s containerised in Docker, but I am curious about specifics because large numbers of people expose it to the internet (through reverse proxies).
MaggiWuerze@feddit.org 4 days ago
github.com/jellyfin/jellyfin/issues/5415
Dave@lemmy.nz 4 days ago
Cheers for that. Many of these issues allow a user to do admin actions if they do the right things, so it seems you should never allow a user that you don’t fully trust to have an account.
But outside of this, there isn’t anything in there that on its own worries me given the nature of the platform (that is, that if it all burnt down I could retrieve all data from other sources). I’m no expert but a cursory look shows a bunch of potential issues that may be layered with other issues but no clear attack path except with prior knowledge.
These should obviously be fixed but there’s nothing that makes me want to rip my server off the open internet in a hurry.