I enjoy using Jellyfin and hope it continues to improve, but it has some problematic security of its own.
Comment on Plex got hacked.
CriticalMiss@lemmy.world 21 hours ago
Jellyfin advertisement 🤷‍♂️
TheGrandNagus@lemmy.world 19 hours ago
Logical@lemmy.world 16 hours ago
But if you just run it locally as a media server in your home, and you don’t expose the service to the internet, that doesn’t really matter? Though perhaps more people connect to their Jellyfin instances remotely than I realize.
thax@lemmy.dbzer0.com 15 hours ago
It matters if someone manages to hide an exploit in jellyfin’s codebase, or more likely, a popular plugin. I imagine many folk have permissive outgoing firewall rules, in which case, an exploit could establish connectivity. Whether that eventually leads to privilege escalation on the jellyfin host would depend upon other variables.
cosmo@lemmy.world 16 hours ago
Well. If you’re not streaming why have such a service in the first place? If I didn’t stream remotely with Plex (and share with my friends and family) I’d just go back to running Kodi on my htpc like I did ten years ago.
nonfuinoncuro@lemmy.zip 8 hours ago
stream locally to multiple devices plus for remote streaming I just VPN into my home network
bobzer@lemmy.zip 17 hours ago
For example?
magguzu@midwest.social 8 hours ago
bobzer@lemmy.zip 8 hours ago
Thank you. These should get fixed.
But again, I can host behind a VPN and have zero risk here. I can work around my own shit, a Plex user can’t protect their data when Plex owns it.
weirdbeardgame@lemmy.world 16 hours ago
Lack of built-in 2FA for one thing
bobzer@lemmy.zip 8 hours ago
But it’s not difficult to integrate it yourself.
It’s inherently different. Plex liked having your data and didn’t protect it.
Jellyfin’s security is as good as the infrastructure you build yourself.
TheGreenWizard@lemmy.zip 17 hours ago
OK, coming from a Jellyfin user for years, it’s not like it’s impervious to any attacks.
localhorst@sh.itjust.works 20 hours ago
🍮🇫🇮
Retro_unlimited@lemmy.world 20 hours ago
Just installed that yesterday lol
BackgrndNoize@lemmy.world 17 hours ago
Stuff like this can happen to any app, developers are only human, shit happens, but the bigger a company is, the bigger target it becomes, so there is some safety in an open source app that’s not as popular, but then again a bigger company also has more resources to monitor for security breaches and quickly address them and push out a hot fix, can’t say I know how this works for smaller free open source apps
Sneptaur@pawb.social 16 hours ago
I think the point here is that Jellyfin doesn’t have a centralized login or website like Plex does. An attacker would have to know about your server and log into it directly to get access. If you run it in a container, there isn’t a lot they can do other than trashing your media library, which you should have protected with filesystem snapshots anyway.
purplemonkeymad@programming.dev 15 hours ago
Jellyfin doesn’t even have write access to my files. If they can get access into the container’s process then I guess they could add stuff to the web interface which could contain bad stuff.