For example?
Comment on Plex got hacked.
TheGrandNagus@lemmy.world 2 weeks agoI enjoy using Jellyfin and hope it continues to improve, but it has some problematic security of its own.
bobzer@lemmy.zip 2 weeks ago
magguzu@midwest.social 2 weeks ago
bobzer@lemmy.zip 2 weeks ago
Thank you. These should get fixed.
But again, I can host behind a VPN and have zero risk here. I can work around my own shit, a Plex user can’t protect their data when Plex owns it.
weirdbeardgame@lemmy.world 2 weeks ago
Lack of built-in 2FA for one thing
bobzer@lemmy.zip 2 weeks ago
But it’s not difficult to integrate it yourself.
It’s inherently different. Plex liked having your data and didn’t protect it.
Jellyfins security is as good as the infrastructure you build yourself.
Logical@lemmy.world 2 weeks ago
But if you just run it locally an a media server in your home, and you don’t expose the service to the internet, that doesn’t really matter? Though perhaps more people connect to their Jellyfin instances remotely than I realize.
thax@lemmy.dbzer0.com 2 weeks ago
It matters if someone manages to hide an exploit in jellyfin’s codebase, or more likely, a popular plugin. I imagine many folk have permissive outgoing firewall rules, in which case, an exploit could establish connectivity. Whether that eventually leads to privilege escalation on the jellyfin host would depend upon other variables.
cosmo@lemmy.world 2 weeks ago
Well. If you’re not streaming why have such a service in the first place? If I didn’t stream remotely with Plex (and share with my friends and family) I’d just go back to running Kodi on my htpc like I did ten years ago.
nonfuinoncuro@lemmy.zip 2 weeks ago
steam locally to multiple devices plus for remote streaming I just VPN into my home network
cosmo@lemmy.world 2 weeks ago
Fair enough.